Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/IlanKalendarov/PyHook
PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.
- Host: GitHub
- URL: https://github.com/IlanKalendarov/PyHook
- Owner: IlanKalendarov
- License: bsd-3-clause
- Created: 2021-08-23T12:49:25.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-13T09:28:51.000Z (5 months ago)
- Last Synced: 2024-08-13T11:12:29.252Z (5 months ago)
- Language: Python
- Size: 1.28 MB
- Stars: 178
- Watchers: 4
- Forks: 17
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - IlanKalendarov/PyHook - PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. (Python)
README
# PyHook
PyHook is the Python implementation of my [SharpHook](https://github.com/IlanKalendarov/SharpHook) project. It uses various API hooks in order to obtain the desired credentials.
PyHook uses Frida to inject its dependencies into the target process.
# Supported Processes
| Process | API Call | Description | Progress |
| --------------------- | --------------------------------- | ------------------------------------------------------------ | -------- |
| mstsc | `CredUnPackAuthenticationBufferW` | Hooks `CredUnPackAuthenticationBufferW` from mstsc and outputs username and password | DONE |
| runas | `CreateProcessWithLogonW` | Hooks `CreateProcessWithLogonW` from runas and outputs username, password and a domain name. | DONE |
| PowerShell | `CreateProcessWithLogonW` | Hooks `CreateProcessWithLogonW` from PowerShell and outputs username, password and a domain name (e.g - `Start-Process cmd -Credential X`). | DONE |
| cmd | `RtlInitUnicodeStringEx` | Hooks `RtlInitUnicodeStringEx` from cmd and outputs data from specific filters (e.g - "-p", "password" etc). | DONE |
| MobaXterm | `CharUpperBuffA` | Hooks `CharUpperBuffA` from MobaXterm and outputs credentials for RDP and SSH logins. | DONE |
| explorer (UAC Prompt) | `CredUnPackAuthenticationBufferW` | Hooks `CredUnPackAuthenticationBufferW` from explorer and outputs username, password and a domain name. | DONE |

# Demo
![](https://github.com/IlanKalendarov/PyHook/blob/main/Demo/Demo.gif)
Link to my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking