Exporting passwords for WLAN profiles using PowerShell and Netsh

/ Harm Veenstra

Over time, your Windows device has a lot of saved WLAN profiles, and well… Sometimes you don’t know the password you (Or someone else) entered. You use that connection, and then a colleague asks you if you know the password for the customer’s SSID… You can export it from your Windows laptop (Or desktop) using the script in this blogpost 🙂

In every Windows system, there is a netsh.exe utility (Short for Network Shell) that you can use for many things regarding network things on your system. Things like changing interfaces, DNS/DHCP settings, and the Windows Firewall from the command line. You can also use it to show you the clear-text password of your WLAN profile, and I created a script just for that.

This script below runs through all your saved WLAN profiles and exports the SSID, Authentication Type, and Password if it can retrieve it. Note: You don’t have to run it in Administrator mode.

#Set the output location for .csv file
$output = 'd:\temp\ssid_passwords.csv'
 
#Retrieve all WLAN profiles, loop through them and try to get the passsword
$wlanprofiles = (netsh wlan show profiles) | select-string ': '
if ($null -ne $wlanprofiles) {
    $passwords = foreach ($wlanprofile in $wlanprofiles | Sort-Object) {
        try {
            $profile_information = netsh wlan show profile name="$($wlanprofile.ToString().Split(':')[1].SubString(1))" key=clear
            write-host ("Retrieving password for SSID {0}" -f $wlanprofile.ToString().Split(':')[1].SubString(1)) -ForegroundColor Green
            [PSCustomObject]@{
                'SSID'                = $wlanprofile.ToString().Split(':')[1].SubString(1)
                'Authentication Type' = ($profile_information | select-string 'Authentication' | Select-Object -First 1).Tostring().Split(':')[1].Substring(1)
                'Password'            = ($profile_information | select-string 'Key Content').Tostring().Split(':')[1].Substring(1)
            }
        }
        catch {
            #If retrieving the password fails, add the reason why to $passwords in the password field
            $authenticationtype = ($profile_information | select-string 'Authentication' | Select-Object -First 1).Tostring().Split(':')[1].Substring(1)
            Write-Warning ("Could not retrieve password for SSID {0}, check {1}" -f $wlanprofile.ToString().Split(':')[1].SubString(1), $output)
            [PSCustomObject]@{
                'SSID'                = $wlanprofile.ToString().Split(':')[1].SubString(1)
                'Authentication Type' = ($profile_information | select-string 'Authentication' | Select-Object -First 1).Tostring().Split(':')[1].Substring(1)
                'Password'            = "Could not retrieve password for the SSID because it's an $($authenticationtype) network"
            }
        }
    }
     
    #Export to $output path and open Excel (Or prompt to associate the .csv file, choose Notepad/Wordpad etc. to view the contents)
    $passwords | export-csv -NoTypeInformation -Encoding UTF8 -Delimiter ';' -Path $output
    Invoke-Item $output
}
else {
    Write-Warning ("No WLAN profiles found, please check if {0} has a Wi-Fi adapter or any saved networks" -f $env:COMPUTERNAME)
}

After running the script, it will automatically open the .csv you specified in the $output variable (If the script found one or more WLAN profiles) and show you something like this (I changed the networks and passwords, of course 😉 )

The Password column contains the password if the script can retrieve it. If not, it will show you the reason for it. (You can’t retrieve passwords from an Open SSID or WPAx-Enterprise Networks)

Use this script to retrieve the passwords and save them in your password manager, don’t leave the file somewhere in a shared/non-secured folder 😀

Download the script(s) from GitHub here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.