CredPhish
Password extractor
A PowerShell script designed to collect user passwords and exfiltrate them via DNS
CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
287 stars
5 watching
45 forks
Language: PowerShell
last commit: over 3 years ago amsiantivirus-evasionbackdoorbypass-antivirusc2dnsdns-serverexfiltrationinformation-securitykalikali-linuxkali-scriptsoffensive-securitypenetration-testingreverse-shellshellsocial-engineering
Related projects:
| Repository | Description | Stars |
|---|---|---|
 f3eev/sharkexec | A C# toolkit designed to extract credentials and browsing history from Windows systems. | 295 |
 lgandx/pcredz | A tool that extracts various types of credentials and information from network captures or live interfaces. | 2,033 |
| tokyoneon/chimera | PowerShell obfuscation script designed to bypass antivirus detection by modifying the behavior of existing PowerShell scripts | 1,447 |
 ustayready/credsniper | A phishing framework that captures 2FA tokens and provides secure access to credentials | 1,335 |
 uknowsec/sharpdecryptpwd | A tool for extracting passwords from various Windows applications | 1,181 |
 ryhanson/phishery | Phishery is an HTTP server designed to harvest Basic Auth credentials and inject URLs into Word documents. | 980 |
 moyix/creddump | Extracts various credentials and secrets from Windows registry hives. | 245 |
 djhohnstein/sharpweb | A .NET project that extracts saved browser credentials from Google Chrome, Firefox, and Internet Explorer/Edge. | 514 |
| ustayready/credking | A tool that automates password spraying using AWS Lambda across multiple regions and IP addresses. | 579 |
 b4rtik/sharpkatz | A porting of mimikatz commands for Windows credential extraction and manipulation | 983 |
 optiv/microsoft365_devicephish | A tool designed to demonstrate a vulnerability in Microsoft's OAuth Authorization Flow for phishing attacks | 94 |
 eladshamir/whisker | A tool for manipulating Active Directory user and computer accounts by adding shadow credentials. | 824 |
 lazytitan33/dns-exfilnspector | Automatically decodes DNS Exfiltration queries to convert Blind RCE into proper RCE via Burp Collaborator | 8 |
 1n3/brutex | Automates the process of trying all possible combinations of service credentials on a target system to gain unauthorized access. | 1,990 |
 hayasec/360safebrowsergetpass | Automated tool to extract and decrypt browser passwords from 360 Safe Browser | 611 |