One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
Updated
Dec 23, 2024 - Python
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.
RomBuster is a router exploitation tool that allows to disclosure network router admin password.
DPAPI looting remotely and locally in Python
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Passwords Recovery Tool
Go library for credentials recovery
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Programmatically extract saved passwords from Chromium based browsers.
sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to login in some accounts using a magic-pass.
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.
A C# implementation of dumping credentials from Windows Credential Manager
Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets
convert secret patterns to gf compatible.
Invoke-KleptoKitty - Deploys Payloads and collects credentials
Leaky simplifies the management and visualization of database leak files containing credentials, enhancing efficiency in data analysis and redteam operations.
Captive Portal. A Hotspot or Evil twin which redirects the clients to login page to enter credentials. Simple and easy to use with less bugs.
Man in the browser attack is all about stealing credentials from sites running in internet-explorer by forcing user to logout and then again logIn.
Hard-to-detect facebook clone webpage that stores victim credentials in either a file or a database
Add a description, image, and links to the credentials-gathering topic page so that developers can more easily learn about it.
To associate your repository with the credentials-gathering topic, visit your repo's landing page and select "manage topics."