One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
RomBuster is a router exploitation tool that allows to disclosure network router admin password.
DPAPI looting remotely and locally in Python
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.
Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets
convert secret patterns to gf compatible.
Man in the browser attack is all about stealing credentials from sites running in internet-explorer by forcing user to logout and then again logIn.
💨 SUPER SONIC WORDPRESS CHECKER
Tool to search secrets in network shares, support SMB FTP or SFTP.
GitHub Secret Hunter - Helps you find credentials and sensitive contents in public GitHub repositories
Add a description, image, and links to the credentials-gathering topic page so that developers can more easily learn about it.
To associate your repository with the credentials-gathering topic, visit your repo's landing page and select "manage topics."