There are 7 repositories under credentials-gathering topic.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Programmatically extract saved passwords from Chromium based browsers.
sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to login in some accounts using a magic-pass.
A C# implementation of dumping credentials from Windows Credential Manager
convert secret patterns to gf compatible.
Invoke-KleptoKitty - Deploys Payloads and collects credentials
Captive Portal. A Hotspot or Evil twin which redirects the clients to login page to enter credentials. Simple and easy to use with less bugs.
Leaky simplifies the management and visualization of database leak files containing credentials, enhancing efficiency in data analysis and redteam operations.
Man in the browser attack is all about stealing credentials from sites running in internet-explorer by forcing user to logout and then again logIn.
Hard-to-detect facebook clone webpage that stores victim credentials in either a file or a database
Tool to search secrets in network shares, support SMB FTP or SFTP.
💨 SUPER SONIC WORDPRESS CHECKER
GitHub Secret Hunter - Helps you find credentials and sensitive contents in public GitHub repositories