{"id":22412388,"url":"https://github.com/tokyoneon/credphish","last_synced_at":"2025-04-09T22:19:39.740Z","repository":{"id":41283600,"uuid":"389844020","full_name":"tokyoneon/CredPhish","owner":"tokyoneon","description":"CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.","archived":false,"fork":false,"pushed_at":"2021-07-27T14:26:00.000Z","size":307,"stargazers_count":293,"open_issues_count":2,"forks_count":45,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-02T16:50:03.369Z","etag":null,"topics":["amsi","antivirus-evasion","backdoor","bypass-antivirus","c2","dns","dns-server","exfiltration","information-security","kali","kali-linux","kali-scripts","offensive-security","penetration-testing","reverse-shell","shell","social-engineering"],"latest_commit_sha":null,"homepage":"https://www.blackhillsinfosec.com/how-to-phish-for-user-passwords-with-powershell/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tokyoneon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-27T04:07:54.000Z","updated_at":"2025-03-30T21:34:21.000Z","dependencies_parsed_at":"2022-07-07T01:02:16.778Z","dependency_job_id":null,"html_url":"https://github.com/tokyoneon/CredPhish","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokyoneon%2FCredPhish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokyoneon%2FCredPhish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokyoneon%2FCredPhish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokyoneon%2FCredPhish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tokyoneon","download_url":"https://codeload.github.com/tokyoneon/CredPhish/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248119577,"owners_count":21050794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amsi","antivirus-evasion","backdoor","bypass-antivirus","c2","dns","dns-server","exfiltration","information-security","kali","kali-linux","kali-scripts","offensive-security","penetration-testing","reverse-shell","shell","social-engineering"],"created_at":"2024-12-05T14:08:35.671Z","updated_at":"2025-04-09T22:19:39.720Z","avatar_url":"https://github.com/tokyoneon.png","language":"PowerShell","funding_links":[],"categories":["Operating Systems"],"sub_categories":["Windows"],"readme":"![](images/credphish.gif)\n\nCredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on [CredentialPicker](https://docs.microsoft.com/en-us/uwp/api/windows.security.credentials.ui.credentialpicker?view=winrt-19041) to collect user passwords, [Resolve-DnsName](https://docs.microsoft.com/en-us/powershell/module/dnsclient/resolve-dnsname) for DNS exfiltration, and Windows Defender's [ConfigSecurityPolicy.exe](https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/) to perform arbitrary GET requests.\n\nFor a walkthrough, see the [Black Hills Infosec publication](https://www.blackhillsinfosec.com/how-to-phish-for-user-passwords-with-powershell/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftokyoneon%2Fcredphish","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftokyoneon%2Fcredphish","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftokyoneon%2Fcredphish/lists"}