Pentest Tools

Published on April 18th, 2016 📆 | 7817 Views ⚑


Gladius — From Responder To Credentials
Gladius provides an automated method for cracking credentials from various sources during an engagement. It can currently crack hashes from Responder,, and smart_hashdump. The usefulness of Gladius is that any sort of file driven event can be captured and triggered. By default, it comes prepackaged with three types of events:

  • Watching for files that match *NTLM* from Responder in Responder’s default directory on Kali:/usr/share/responder
  • Watching for files that match *hashdump* from Metasploit’s smart_hashdump module in/root/.msf*/loot
  • Watching for files that match *secretsdump* from CoreSecurity’s also in Responder’s default directory

What this means, is that once it is started, all one has to do is perform a smart_hashdump in metasploit or pipe the output from into /usr/share/responder, and the resulting hashes are automatically passed to hashcat to begin cracking.

One other feature that is useful to clients is the ability to tell them how many credentials were cracked in what span of time. Given a hashdump, this tool will happily displays the following information:

  • Total time it took to crack the given hash
  • How many total hashes have been cracked thus far
  • Total number of hashes to crack
  • Percentage of hashes cracked




How To Install Gladius

pip install watchdog
git clone
cd gladius
git clone
cp Hob0Rules/* .
rm -rf Hob0Rules/




Now start the responder session as normal

cd /usr/share/responder


Working with secretsdump

Send results of secretsdump for parsing and cracking.

for ip in $(cat ips); do DOMAIN/username:password@$ip > /usr/share/responder/secretsdump_$ip; done

[adsense size='1']


$ python -h
usage: [-h] [-v] [--responder-dir RESPONDER_DIR]
                  [--hashcat HASHCAT] [-r RULESET] [-w WORDLIST] [--no-art]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Increased output verbosity
  --responder-dir RESPONDER_DIR
                        Directory to watch for Responder output
  --hashcat HASHCAT     Path to hashcat binary
  -r RULESET, --ruleset RULESET
                        Ruleset to use with hashcat
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist to use with hashcat
  --no-art              Disable the sword ascii art for displaying credentials
                        and default to only text.



Source && Download

Comments are closed.