A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a python script that analyzes the hash information in combination with a list of cracked passwords output from a tool such as oclHashcat. The script generates an interactive HTML report containing complete details to help you understand password use in an environment and identify issues. An option to generate a sanitized version of the report is also included.
Example Summary Page of DPAT Report
Complete usage instructions and code are available on GitHub here: https://github.com/clr2of8/DPAT
Want to see a demo of this in action? Check out Carrie’s webcast demo here.