2023-04-23 16:07:51 -07:00
|
|
|
|
# Pillager
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-08 02:53:06 -08:00
|
|
|
|
[](LICENSE)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[](https://github.com/qwqdanchun/Pillager/releases)
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-04-24 20:13:02 -07:00
|
|
|
|
<img src=".\Pillager.png"/>
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
|
|
|
|
|
## 介绍
|
|
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
Pillager是一个适用于后渗透期间的信息收集工具,可以收集目标机器上敏感信息,方便下一步渗透工作的进行。
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
## 支持
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-10-14 12:31:05 -07:00
|
|
|
|
| Browser | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
|
2023-10-26 00:37:40 -07:00
|
|
|
|
| :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
|
|
|
|
|
|
| IE | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ |
|
|
|
|
|
|
| Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
|
|
|
|
|
| Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
|
|
|
|
|
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
2023-11-01 06:16:23 -07:00
|
|
|
|
| Chrome SxS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
2023-10-26 00:37:40 -07:00
|
|
|
|
| Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
2023-11-01 06:16:23 -07:00
|
|
|
|
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
|
2023-11-06 06:47:55 -08:00
|
|
|
|
| QQBrowser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
2023-11-01 06:16:23 -07:00
|
|
|
|
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
|
2023-11-18 22:21:22 -08:00
|
|
|
|
| 360Chrome | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
|
2023-11-03 09:53:51 -07:00
|
|
|
|
| 360ChromeX | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
|
2023-11-01 06:16:23 -07:00
|
|
|
|
| Vivaldi | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| CocCoc | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Torch | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Kometa | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Orbitum | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| CentBrowser | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| 7Star | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Sputnik | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Epic Privacy | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Uran | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
|
|
|
|
|
| Yandex | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
2023-11-06 06:47:55 -08:00
|
|
|
|
| FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
|
2023-10-07 04:09:27 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
注:✅表示经过测试,🚧表示理论上支持但未经测试,❌表示无此功能或不支持
|
|
|
|
|
|
|
2023-11-09 09:41:43 -08:00
|
|
|
|
| IM | Support |
|
2023-11-19 05:01:21 -08:00
|
|
|
|
| :------: | :---------------: |
|
|
|
|
|
|
| QQ | ClientKey(Mail) |
|
2023-11-09 09:41:43 -08:00
|
|
|
|
| Telegram | tdata |
|
|
|
|
|
|
| Skype | Token |
|
|
|
|
|
|
| Enigma | DeviceID/Datebase |
|
2023-10-07 04:09:27 -07:00
|
|
|
|
|
2023-11-19 04:40:32 -08:00
|
|
|
|
| Tool | Support |
|
|
|
|
|
|
| :--------: | :------: |
|
|
|
|
|
|
| MobaXterm | Password |
|
|
|
|
|
|
| Xmanager | Password |
|
|
|
|
|
|
| RDCMan | Password |
|
|
|
|
|
|
| FinalShell | Password |
|
|
|
|
|
|
| Navicat | Password |
|
2023-10-26 00:37:40 -07:00
|
|
|
|
|
2023-11-13 01:25:17 -08:00
|
|
|
|
| Mail | Support |
|
|
|
|
|
|
| :--------: | :------: |
|
|
|
|
|
|
| MailMaster | DataFile |
|
2023-11-13 10:43:32 -08:00
|
|
|
|
| Foxmail | Storage |
|
2023-11-13 01:25:17 -08:00
|
|
|
|
|
2023-12-14 04:40:57 -08:00
|
|
|
|
| FTP | Support |
|
|
|
|
|
|
| :-------: | :------: |
|
|
|
|
|
|
| FileZilla | Config |
|
|
|
|
|
|
| WinSCP | Password |
|
|
|
|
|
|
|
2023-11-09 09:41:43 -08:00
|
|
|
|
| Others | Support |
|
2023-11-06 08:28:58 -08:00
|
|
|
|
| :----: | :------: |
|
2023-11-09 09:41:43 -08:00
|
|
|
|
| Wifi | Password |
|
2023-11-01 06:16:23 -07:00
|
|
|
|
|
2023-10-07 04:09:27 -07:00
|
|
|
|
后续将会陆续添加支持的软件
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
## 使用方法
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
此项目使用Github Action自动编译打包,并上传至[Release](https://github.com/qwqdanchun/Pillager/releases),其中
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
* [Pillager.exe](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.exe) 为.Net Framework v3.5编译生成的exe
|
|
|
|
|
|
* [Pillager.bin](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.bin) Donut打包的raw格式的shellcode
|
|
|
|
|
|
* [cs-plugin.zip](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/cs-plugin.zip) 为适用于CobaltStrike使用的插件
|
2023-04-24 20:06:41 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
使用CobaltStrike可以直接下载插件包,其他人推荐将shellcode集成至自己的加载器或工具中运行,不建议直接使用Pillager.exe
|
|
|
|
|
|
|
2023-11-10 11:56:46 -08:00
|
|
|
|
执行后会将文件打包至 `%Temp%\Pillager.tar.gz`,需要自行前往目录下载文件或修改代码将文件上传至他处
|
2023-11-01 06:16:23 -07:00
|
|
|
|
|
|
|
|
|
|
## 优点
|
2023-06-28 17:37:26 -07:00
|
|
|
|
|
2023-11-01 06:16:23 -07:00
|
|
|
|
* 体积在100kb左右,为同类工具体积的几分之一甚至几十分之一
|
|
|
|
|
|
* 支持大部分常见浏览器,常见聊天软件的信息提取,将陆续添加其他常用工具的信息收集
|
|
|
|
|
|
* 长期维护,有问题可以及时的反馈处理
|
|
|
|
|
|
* 使用魔改版本的Donut,缩小shellcode体积,使shellcode兼容.Net Framework v3.5/v4.x,并去除AV/EDR对Donut提取的特征
|
2023-11-06 04:43:40 -08:00
|
|
|
|
|
2023-11-13 01:25:17 -08:00
|
|
|
|
## Contributors
|
|
|
|
|
|
|
|
|
|
|
|
<a href="https://github.com/qwqdanchun/Pillager/graphs/contributors">
|
|
|
|
|
|
<img src="https://contrib.rocks/image?repo=qwqdanchun/Pillager" />
|
|
|
|
|
|
</a>
|
|
|
|
|
|
|
2023-11-06 04:43:40 -08:00
|
|
|
|
## 404星链计划
|
2023-11-06 06:47:55 -08:00
|
|
|
|
|
2023-11-06 04:43:40 -08:00
|
|
|
|
|
|
|
|
|
|
|
2023-11-06 08:28:58 -08:00
|
|
|
|
Pillager 现已加入 [404星链计划](https://github.com/knownsec/404StarLink)
|
