pcap2john: Add SNMPv3 parser #5783

Merged
merged 1 commit into from
Jun 14, 2025

AlbertVeli
Contributor

This adds support for extracting SNMPv3 USM hashes. The parser handles both authentication-only (authNoPriv) and authentication with privacy (authPriv) modes.

Hashes are printed in $SNMPv3$ format, with authProto set to 0 to allow John to try both MD5 and SHA1. If the authProto is known the 0 can be changed to 1 (MD5) or 2 (SHA1). This is not done automatically.

This adds support for extracting SNMPv3 USM hashes. The parser handles
both authentication-only (authNoPriv) and authentication with privacy
(authPriv) modes.

Hashes are printed in $SNMPv3$ format, with authProto set to 0 to allow
John to try both MD5 and SHA1. If the authProto is known the 0
can be changed to 1 (MD5) or 2 (SHA1). This is not done automatically.

Signed-off-by: Albert Veli <[email protected]>
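
The authProto field described above, as an added example that is not part of this pull request or of John the Ripper: when the authentication passphrase of a device is already known, the RFC 3414 computation (password-to-key, key localization, 96-bit truncated HMAC) shows whether a captured message was authenticated with MD5 or SHA1, so the 0 can be changed to 1 or 2. The field order after authProto (packet number, whole message, engine ID, authentication parameters, all hex) is an assumption, the function names are hypothetical, and the sample line is constructed rather than taken from a capture.

```python
import hashlib
import hmac

AUTH_PROTOS = {1: "md5", 2: "sha1"}  # authProto values as given in the PR text
ZERO_MAC = bytes(12)                 # digest field is zeroed while the MAC is computed

def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 password-to-key (1 MiB expansion), then localization to the engine."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rest = divmod(1 << 20, len(password))
    ku = hashlib.new(algo, password * reps + password[:rest]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def usm_mac(password: bytes, engine_id: bytes, zeroed_msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the whole message, first 12 bytes."""
    return hmac.new(localized_key(password, engine_id, algo), zeroed_msg, algo).digest()[:12]

def parse_line(line: str):
    """Split a hash line; the field order after authProto is an assumption."""
    parts = line.strip().split("$")
    if len(parts) != 7 or parts[:2] != ["", "SNMPv3"]:
        raise ValueError("not a $SNMPv3$ line")
    return (int(parts[2]), parts[3], *(bytes.fromhex(p) for p in parts[4:]))

def identify_auth_proto(line: str, password: bytes):
    """Return 1 (MD5), 2 (SHA1), or None if the passphrase matches neither."""
    _, _, msg, engine_id, mac = parse_line(line)
    zeroed = msg.replace(mac, ZERO_MAC, 1)  # no-op if the digest is already zeroed
    for proto, algo in AUTH_PROTOS.items():
        if hmac.compare_digest(usm_mac(password, engine_id, zeroed, algo), mac):
            return proto
    return None

def pin_auth_proto(line: str, proto: int) -> str:
    """Rewrite the authProto field (0 -> 1 or 2) once the protocol is known."""
    if proto not in AUTH_PROTOS:
        raise ValueError("authProto must be 1 or 2")
    parts = line.strip().split("$")
    parts[2] = str(proto)
    return "$".join(parts)

def constructed_line(password: bytes, algo: str) -> str:
    """Build a constructed sample line (arbitrary bytes, not a real capture)."""
    engine_id = bytes.fromhex("80001f8880aabbccdd")
    msg = b"constructed-header" + ZERO_MAC + b"constructed-pdu"
    mac = usm_mac(password, engine_id, msg, algo)
    return "$SNMPv3$0$1$%s$%s$%s" % (msg.replace(ZERO_MAC, mac, 1).hex(), engine_id.hex(), mac.hex())
```
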
@AlbertVeli
Contributor Author

AlbertVeli commented Jun 4, 2025

Since I was assisted by ChatGPT-4o when writing this I asked about licensing and it responded with the following suggestion for licensing information.

This code is my original contribution, written with assistance from
ChatGPT. I am submitting it under the terms of the GPLv2+ license as
required by the John the Ripper project.

It may still need some refactoring. Does it support all formats that snmp_fmt_plug.c supports? Can the SNMP plugin crack the (optional) encryption password too? This only extracts the authentication password hash.

@solardiz
Member

solardiz commented Jun 9, 2025

Thank you for your contribution @AlbertVeli! I intend to take a closer look a bit later.

@solardiz
Member

@AlbertVeli What input files did you test this with? I notice that comments in snmp_fmt_plug.c have URLs and filenames for pcap files corresponding to the test vectors. I think we should make copies of those files in our https://github.com/openwall/john-samples repo - can you please send us a pull request with that?

@kholia How did you create those test vectors? Is there possibly already an extraction tool that @AlbertVeli has missed?

> GPLv2+ license as required by the John the Ripper project.

We actually prefer our cut-down BSD license where possible, please see doc/pcap2john.readme for licenses that apply to this script. I suggest you add a similar copyright statement + license for your contribution. If you add to that documentation file, then you'll also need to revise its initial wording that currently says it's only about "prior copyright headers" (yours wouldn't be "prior", but is a new addition).

Seeing the commit history for pcap2john.py, I think @exploide should also add a copyright statement + license.

Maybe we should collect the copyright statements and list them in the script itself (one line per person) and group them by license (most are our cut-down BSD), but I see one contribution is GPLv3 (unfortunately).

@AlbertVeli
Contributor Author

> @AlbertVeli What input files did you test this with? I notice that comments in snmp_fmt_plug.c have URLs and filenames for pcap files corresponding to the test vectors. I think we should make copies of those files in our https://github.com/openwall/john-samples repo - can you please send us a pull request with that?

I created this pull request with the samples: openwall/john-samples#39

@solardiz
Member

@AlbertVeli Thank you for the samples. Are you OK with us using our cut-down BSD license for your contribution?

@AlbertVeli
Contributor Author

> @AlbertVeli Thank you for the samples. Are you OK with us using our cut-down BSD license for your contribution?

Yes, of course. I was just worried about how the ChatGPT contribution would affect the license. But I rewrote most of what it suggested anyway.

@exploide
Contributor

> Seeing the commit history for pcap2john.py, I think @exploide should also add a copyright statement + license.

I think the content of doc/pcap2john.readme stems from the fact that pcap2john.py was created by merging different prior scripts which unfortunately had different licenses. My contributions have been done after the merge but to different parts of the code (which are possibly under different licenses?).

Personally, I don't care much about under what specific free software license my contribution is. I would prefer any reasonable default, depending on the code I touched. If this project is primarily using BSD, then consider my code also as BSD.
So if adding a copyright statement is required, I'm happy to do so, but I don't know what exactly to add.

@solardiz solardiz merged commit 16d6fde into openwall:bleeding-jumbo Jun 14, 2025
32 of 33 checks passed
solardiz added a commit that referenced this pull request Jun 14, 2025
and statements made by exploide and Albert Veli in #5783
@solardiz
Member

Thank you very much @AlbertVeli and @exploide. I've added the copyright+license statements to the script itself, as follows:

# This software is
#
# Copyright (c) 2013-2018 Dhiru Kholia <dhiru at openwall.com>
# Copyright (c) 2013 Lukas Odzioba <ukasz at openwall dot net>
# Copyright (c) 2014 Alexey Lapitsky <lex at realisticgroup.com>
# Copyright (c) 2014 m3g9tr0n (Spiros Fraganastasis) <spirosfr.1985 at gmail.com>
# Copyright (c) 2021-2024 exploide <me at exploide.net>
# Copyright (c) 2025 Albert Veli <albert.veli at gmail.com>
#
# and it is hereby released to the general public under the following terms:
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted.

# pcap_parser_s7() is under GNU GPL v3 per the below statement:

# s7tojohn.py, parse .pcap files and output JtR compatible hashes.
# Extended by Narendra Kangralkar <narendrakangralkar at gmail.com>
# and Dhiru Kholia <dhiru at openwall.com>
#
# S7 protocol, is used for communication between Engineering Stations,
# SCADA, HMI & PLC and can be protected by password.
#
# Original Authors: Alexander Timorin, Dmitry Sklyarov
#
# http://scadastrangelove.org
#
# __author__      = "Aleksandr Timorin"
# __copyright__   = "Copyright 2013, Positive Technologies"
# __license__     = "GNU GPL v3"
# __version__     = "1.2"
# __maintainer__  = "Aleksandr Timorin"
# __email__       = "[email protected]"
# __status__      = "Development"

There was also one minor commit by @magnumripper 4d4745a for Python 3 compatibility, but I felt it's too minor to necessarily add a copyright statement. Similarly, my addition of the comment above is too minor. Finally, @jfoug's work to combine the scripts into one was perhaps a more significant effort, and could be copyright worthy, but he didn't seem to think so? He also didn't suggest a license.
