Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ahhh/GoRedLoot

A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
https://github.com/ahhh/GoRedLoot

Last synced: 2 months ago
JSON representation

A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.

Awesome Lists containing this project

README 

        
# GoRedLoot



A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.

More details: https://lockboxx.blogspot.com/2018/06/goredloot.html



# Usage



- The tool takes two command line arguments when invoked, the directory to recursively search and the output file to create. 



  -- Example: ./GoRedLoot [directory to recursivly search] [out file]



- The tool has five primary, hardcoded, internal configuration options. 



  -- The first, and one you defiantly want to change, is the encryption password. 



  -- The next four are essentially your search criteria, and they are ignoreFiles, includeFiles, ignoreContents, and includeContents, and are processed in that order. 



- Its also important to understand the double zipping process that occurs on the output file: 



  -- The first zip wrapper retains all of the collected files meta-information, such as the file names and file properties. 



  -- The second zip wrapper strips all of this information and encrypts the zip archive with the hard coded password.