Directory Services Internals (DSInternals) PowerShell Module and Framework
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.
DPAPI looting remotely and locally in Python
A C# tool to output crackable DPAPI hashes from user MasterKeys
Windows DPAPI JNA Wrapper
A DataProtect wrapper that uses DPAPI in Windows and AspNetCore.DataProtection in other platforms.
Python application to scan user's installed browsers for secrets such as stored passwords and cookies.
Base class for saving, encrypting, and loading application settings in a Json file
Console utility to view saved passwords in Chrome and export to .csv file (Windows)
Bruteforce DPAPI encrypted MasterKey File from Windows Credentials Manager
Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report
Extract stored password(s) and important file(s) from various browser (i.e. Chrome, Brave, Edge, Opera)
A .Net Core Data Protection provider to persist keys to Sql Server
Cross-platform PowerShell module that makes encrypting and decrypting strings (using standard cryptographic algorithms) and managing certificates easy.
PrySec - Privacy & Security framework for your .NET applications
Add a description, image, and links to the dpapi topic page so that developers can more easily learn about it.
To associate your repository with the dpapi topic, visit your repo's landing page and select "manage topics."