30 open-source projects similar to ghostpack/sharpdpapi, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best SharpDPAPI alternative.
credential dump using forshaw technique using SeTrustedCredmanAccessPrivilege
LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing. The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases. The project supports digital
If you like this project, consider purchasing licenses of OctoPwn, our full pentesting suite that runs in your browser! For notifications on new builds/releases and other info, hop on to our Discord
Extracting Clear Text Passwords from mstsc.exe using API Hooking.
SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader.
Dumping DPAPI credz remotely
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Rubeus is a comprehensive Kerberos attack toolkit for Active Directory environments, written in C#. It provides a full suite of operations for manipulating Kerberos tickets, exploiting delegation configurations, and performing credential attacks against Windows domains. The toolkit enables ticket extraction from logon sessions and memory, with real-time monitoring via Event Tracing for Windows. It supports forging golden and silver tickets with arbitrary privileges, as well as the creation of forged delegation contexts. Delegation attacks include abuse of constrained and unconstrained delegat
Tool to bypass LSA Protection (aka Protected Process Light)
Mimikatz is a security research suite designed for auditing Windows authentication and managing system security configurations. It provides a comprehensive framework for extracting sensitive credentials, manipulating process privileges, and managing digital identity assets directly from system memory or offline memory dumps. The project distinguishes itself through advanced system-level exploitation techniques, including runtime process injection, API hooking, and the ability to bypass cryptographic export restrictions. It features a specialized toolkit for Kerberos protocol operations, allow
Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks. The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings. The system covers a broad range of detec
Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can…
SharpCloud is a simple C# utility for checking for the existence of credential files related to Amazon Web Services, Microsoft Azure, and Google Compute.
SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract:
TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
This project is a curated collection of frameworks, libraries, and toolsets designed for social engineering and public data gathering. It aggregates specialized software and educational materials used to perform human-centric attacks during professional security engagements. The directory provides resources for gathering and visualizing open source intelligence to identify sensitive information leaks. It also includes a collection of methods and software for executing phishing campaigns to harvest credentials and session cookies. The repository further covers educational materials focused on
This project is an offensive security toolkit and development framework for creating memory-safe malware, network scanners, and payload generators. It provides a structured approach to developing exploits, shellcode, and remote access tools. The framework distinguishes itself through the use of no-standard-library environments to generate minimal standalone machine code and shellcode. It also supports the compilation of high-performance logic into WebAssembly for the creation of deceptive web interfaces used in social engineering. Capability areas cover automated vulnerability discovery via
Mimikatz is a Windows post-exploitation framework designed for extracting plaintext passwords, hashes, PIN codes, and security tokens from system memory and the registry. It functions as a credential extraction tool that targets the Local Security Authority Subsystem Service to retrieve cached credentials and sensitive account data. The project provides specialized capabilities for Active Directory penetration testing, including the simulation of domain controllers to replicate directory secrets. It features a Kerberos ticket manipulator capable of exporting, injecting, and forging authentica
Commando VM is a Windows-based penetration testing distribution and offensive security virtual machine. It serves as a toolset manager for deploying and maintaining a curated collection of security tools, scripts, and configurations designed for security auditing, red teaming, and adversary simulation. The project automates the provisioning of a specialized workstation by using PowerShell scripts and a modular repository to orchestrate the installation of offensive security software. It utilizes a community-driven package manager to handle dependency resolution and binary installations, ensur
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata. The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
1Remote is a portable remote desktop client that manages and launches remote sessions across multiple protocols from a single unified interface. It organizes servers using a flexible tagging system and stores all configuration in structured JSON files for easy backup and transfer between machines. The application supports launching RDP, SSH, VNC, Telnet, and other remote connections, and allows users to replace default protocol handlers with custom external programs that accept command-line arguments. It includes a bulk server editor for applying uniform changes to addresses, credentials, or