Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[addtool] KeePwn #1081

Closed
12 of 22 tasks
piyush-security opened this issue Apr 29, 2023 · 1 comment
Closed
12 of 22 tasks

[addtool] KeePwn #1081

piyush-security opened this issue Apr 29, 2023 · 1 comment
Labels
accepted enhancement New feature or request question Further information is requested

Comments

@piyush-security
Copy link

piyush-security commented Apr 29, 2023
edited
Loading

[homepage]
https://github.com/Orange-Cyberdefense/KeePwn
[/homepage]

[tags]
keepwn, python, secret
[/tags]

[short_descr]
A python script to help red teamers discover KeePass instances and extract secrets.
[/short_descr]

[long_descr]

Features & Roadmap

KeePwn is still in early development and not fully tested yet : please use it with caution and always try it in a lab before (legally) attacking real-life targets!

  • KeePass Discovery
    • Accept multiple target sources (IP, range, hostname, file)
    • Automatically look for KeePass global installation files via SMB C$ share.
    • Automatically look for KeePass portable + Windows store installation files via SMB C$ share.
    • Automatically check for running KeePass process through Impacket-based command execution.
    • Multi-thread implementation to avoid bottleneck hosts.
    • Automatically check for KeePass binary's metadata (version, last access time).
  • KeePass Trigger Abuse
    • Add and remove triggers from KeePass configuration file via SMB C$ share.
    • Automatically poll for cleartext exports on the remote host.
    • Customize triggers with command line arguments.
  • KeePass Cracking
    • Convert KDBX to John and Hashcat compatible formats (including KDBX 4).
  • KeePass Plugin Abuse
    • Automatically upload a plugin (DLL or PFX format) to extract passwords, see KeeFarce Reborn.
    • Automatically poll for cleartext exports on the remote host.
  • Authentication
    • Support LM/NT hash authentication.
    • Support Kerberos Authentication.
  • Miscellaneous
    • Write unit tests.
    • Make the project available on PyPI

Installation

git clone https://github.com/Orange-Cyberdefense/KeePwn
cd KeePwn
sudo python3 setup.py install
KeePwn --help

Or if you don't want to install but just run :

git clone https://github.com/Orange-Cyberdefense/KeePwn
cd KeePwn
python3 -m pip install -r requirements.txt
python3 KeePwn.py --help

For more details : https://github.com/Orange-Cyberdefense/KeePwn#usage
[/long_descr]

[image]
image
image

[/image]
@gwen001
Copy link
Owner

gwen001 commented Apr 29, 2023

Problem occured with the following fields:

  • homepage should be a link

Check the guidelines or use the template created for that purpose.

@gwen001 gwen001 added the question Further information is requested label Apr 29, 2023
@gwen001 gwen001 added enhancement New feature or request accepted labels Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted enhancement New feature or request question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gwen001 @piyush-security