Domain Password Audit Tool

A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a python script that analyzes the hash information in combination with a list of cracked passwords output from a tool such as oclHashcat. The script generates an interactive HTML report containing complete details to help you understand password use in an environment and identify issues. An option to generate a sanitized version of the report is also included.

Example Summary Page of DPAT Report

Complete usage instructions and code are available on GitHub here:


Want to see a demo of this in action? Check out Carrie’s webcast demo here.

You can learn more from Carrie in her classes!

Check them out here:

Attack Emulation Tools: Atomic Red Team, CALDERA and More 

PowerShell for InfoSec

Available live/virtual and on-demand!