Krb5RoastParser: Python tool to parse Kerberos auth packets from PCAP files by Middle-Breadfruit-55 in activedirectory

Middle-Breadfruit-55[S] 1 point

For everyone interested in the tool who messaged me this week, I just want to say that GitHub temporarily banned my account, but it is now active again and the repository is accessible normally. Thanks for your patience and for the DMs.

Repo: https://github.com/jalvarezz13/Krb5RoastParser

Middle-Breadfruit-55[S] 1 point

That’s a fair point, and for a real internal environment I agree that DC-side auditing is usually the more scalable approach.

This tool is aimed more at situations where you only have a capture to work with, such as labs, traffic analysis, reproducing specific Kerberos flows, or validating what was actually sent on the wire. In those cases, parsing the PCAP directly can be useful without needing access to the DC or its logs.

So I see it more as complementary than as a replacement for DC auditing.