CredPhish
Password extractor
A PowerShell script designed to collect user passwords and exfiltrate them via DNS
CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
285 stars
5 watching
45 forks
Language: PowerShell
last commit: over 3 years ago amsiantivirus-evasionbackdoorbypass-antivirusc2dnsdns-serverexfiltrationinformation-securitykalikali-linuxkali-scriptsoffensive-securitypenetration-testingreverse-shellshellsocial-engineering
Related projects:
| Repository | Description | Stars |
|---|---|---|
 f3eev/sharkexec | A C# toolkit designed to extract credentials and browsing history from Windows systems. | 295 |
 lgandx/pcredz | A tool that extracts various types of credentials and information from network captures or live interfaces. | 2,013 |
| tokyoneon/chimera | PowerShell obfuscation script designed to bypass antivirus detection by modifying the behavior of existing PowerShell scripts | 1,424 |
 ustayready/credsniper | A phishing framework that captures 2FA tokens and provides secure access to credentials | 1,332 |
 uknowsec/sharpdecryptpwd | A tool for extracting passwords from various Windows applications | 1,167 |
 ryhanson/phishery | Phishery is an HTTP server designed to harvest Basic Auth credentials and inject URLs into Word documents. | 977 |
 moyix/creddump | Extracts credentials and secrets from Windows registry hives in a platform-independent way. | 243 |
 djhohnstein/sharpweb | A .NET project that extracts saved browser credentials from Google Chrome, Firefox, and Internet Explorer/Edge. | 510 |
| ustayready/credking | A tool that automates password spraying using AWS Lambda across multiple regions and IP addresses. | 578 |
 b4rtik/sharpkatz | A porting of mimikatz commands for Windows credential extraction and manipulation | 974 |
 optiv/microsoft365_devicephish | A tool designed to demonstrate a vulnerability in Microsoft's OAuth Authorization Flow for phishing attacks | 92 |
 eladshamir/whisker | A tool for manipulating Active Directory user and computer accounts by adding shadow credentials. | 813 |
 lazytitan33/dns-exfilnspector | Automatically decodes DNS Exfiltration queries to convert Blind RCE into proper RCE via Burp Collaborator | 8 |
 1n3/brutex | Automates the process of trying all possible combinations of service credentials on a target system to gain unauthorized access. | 1,972 |
 hayasec/360safebrowsergetpass | Automated tool to extract and decrypt browser passwords from 360 Safe Browser | 609 |