Skip to main contentSummary
Query Nemesis for credential and authentication data that has been extracted from uploaded files during processing.
- Needs Admin: False
- Version: 2
- Author: @its_a_feature_
Arguments
No arguments required. Data is automatically filtered by the current operation/project.
Usage
MITRE ATT&CK Mapping
Detailed Summary
This command retrieves authentication data from Nemesis including:
- Username
- Authentication data (passwords, tokens, keys)
- URI/location where credentials apply
- Credential type
- Notes about the credential
- Agent ID that uploaded the source
- Source file/location
- Originating object ID
- Whether the data is stored as a file
- Timestamp and expiration
- Project ID
- Unique database ID
- Processing timestamps
Nemesis automatically extracts credentials from various sources:
- Browser password databases
- Configuration files
- Registry hives
- SSH keys
- Kerberos tickets and keytabs
- Cloud provider configuration files
- Application credential stores
- And other supported formats
All credentials are deduplicated and indexed for easy querying across the operation. 
