revealhashed is a streamlined utility to correlate ntds usernames, nt hashes, and cracked passwords in one view while cutting out time-consuming manual tasks.
from pypi:
pipx install revealhashed
from github:
pipx install git+https://github.com/crosscutsaw/revealhashed-python
revealhashed v0.1
usage: revealhashed [-h] [-r] {dump,reveal} ...
positional arguments:
{dump,reveal}
dump Dump NTDS using ntdsutil then reveal credentials with it
reveal Use your own NTDS dump then reveal credentials with it
options:
-h, --help show this help message and exit
-r, --reset Delete old files in ~/.revealhashed
just execute revealhashed -r to remove contents of ~/.revealhashed
this command executes zblurx's ntdsutil.py then does classic revealhashed operations.
-w (wordlist) switch is needed. one or more wordlists can be supplied.
-e (enabled-only) switch is not needed but suggested. it's self explanatory; only shows enabled users.
for example: revealhashed dump 'troupe.local/emreda:Aa123456'@192.168.2.11 -w wordlist1.txt wordlist2.txt -e
this command wants to get supplied with ntds file by user then does classic revealhashed operations.
-ntds switch is needed.
-w (wordlist) switch is needed. one or more wordlists can be supplied.
-e (enabled-only) switch is not needed but suggested. it's self explanatory; only shows enabled users.
for example: revealhashed reveal -ntds TROUPEDC_192.168.2.11_2025-05-12_123035.ntds -w wordlist1.txt -e
