Mythic Documentation
Version 3.0


Agents can report back credentials they discover

Example (agent response):

"task_id": "task uuid here",
"user_output": "some user output here",
"credentials": [
"credential_type": "plaintext",
"realm": "spooky.local",
"credential": "SuperS3Cr37",
"account": "itsafeature"


The agent can report back multiple credentials in a single response. The credential_type field represents the kind of credential and must be one of the following:
  • plaintext
  • certificate
  • hash
  • key
  • ticket
  • cookie
The other fields are pretty straightforward, but they must all be provided for each credential. There is one optional field that can be specified here: comment. You can do this manually on the credentials page, but you can also add comments to every credential to provide a bit more context about it.