https://github.com/cyclone-github/metamask_pwn
Tools to recover, extract and decrypt metamask wallets
https://github.com/cyclone-github/metamask_pwn
brave chrome crack crypto cyclone hashcat metamask password pwn recover recovery vault wallet
Last synced: 6 months ago
JSON representation
Tools to recover, extract and decrypt metamask wallets
- Host: GitHub
- URL: https://github.com/cyclone-github/metamask_pwn
- Owner: cyclone-github
- License: gpl-2.0
- Created: 2024-11-03T22:10:03.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-04-07T15:38:59.000Z (6 months ago)
- Last Synced: 2025-04-07T16:42:48.235Z (6 months ago)
- Topics: brave, chrome, crack, crypto, cyclone, hashcat, metamask, password, pwn, recover, recovery, vault, wallet
- Language: Go
- Homepage: https://forum.hashpwn.net/post/74
- Size: 29.3 KB
- Stars: 17
- Watchers: 1
- Forks: 4
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://github.com/cyclone-github/metamask_pwn/)
[](https://github.com/cyclone-github/metamask_pwn/issues)
[](LICENSE)
[](https://github.com/cyclone-github/metamask_pwn/releases)
# metamask_pwn
Toolset to extract and decrypt metamask vaults (wallets)
- Contact me at https://forum.hashpwn.net/user/cyclone if you need help recovering your Metamask wallet password or seed phrase
# Metamask Vault Hash Extractor
Tool to extract metamask vaults to JSON and hashcat compatible formats
### Info:
- Metamask JSON vaults can be decrypted with https://github.com/cyclone-github/metamask_pwn
- Previous Metamask hashes can be cracked using hashcat -m 26600
- New Metamask hashes can be cracked with hashcat using my custom -m 26620 kernel below
- https://github.com/cyclone-github/hashcat_26620_kernel
- Note: metamask_extractor supports hashcat mode 26620 for convenience, but this is a third-party module written by cyclone that is not affiliated with or included in the official hashcat beta or release builds at https://github.com/hashcat/hashcat
### Metamask Vault location for Chrome extensions:
- Linux: `/home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/`
- Mac: `Library>Application Support>Google>Chrome>Default>Local Extension Settings>nkbihfbeogaeaoehlefnkodbefgpgknn`
- Windows `C:\Users\$USER\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn`
### Usage:
- Linux: `./metamask_extractor.bin {metamask_vault_dir}`
- Windows: `metamask_extractor.exe {metamask_vault_dir}`
### Compile from source:
- If you want the latest features, compiling from source is the best option since the release version may run several revisions behind the source code.
- This assumes you have Go and Git installed
- `git clone https://github.com/cyclone-github/metamask_pwn.git` # clone repo
- `cd metamask_pwn/metamask_extractor` # enter project directory
- `go mod init metamask_extractor` # initialize Go module (skips if go.mod exists)
- `go mod tidy` # download dependencies
- `go build -ldflags="-s -w" .` # compile binary in current directory
- `go install -ldflags="-s -w" .` # compile binary and install to $GOPATH
- Compile from source code how-to:
- https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt
# Metamask Vault Decryptor
### POC tool to decrypt metamask vault wallets
_**This tool is proudly the first publicly released Metamask Vault decryptor / cracker to support the new Metamask wallet vaults which have a dynamic iteration.**_
```
./metamask_decryptor_amd64.bin -h metamask_json.txt -w wordlist.txt
------------------------------------
| Cyclone's Metamask Vault Decryptor |
------------------------------------
Vault file: metamask_json.txt
Valid Vaults: 1
CPU Threads: 16
Wordlist: wordlist.txt
Working...
Decrypted: 0/1 5430.89 h/s 00h:01m:00s
```
### Info:
- Supports previous Metamask vaults as well as new vaults with "KeyMetadata" which have dynamic iterations
- If you need help extracting Metamask vaults, use `Metamask Extractor` https://github.com/cyclone-github/metamask_pwn
- _`Metamask Vault Decryptor` is superseded by hashcat, however, `Metamask Vault Decryptor` also displays the seed phrase alongside the vault password, which hashcat does not currently support_
### Example vaults supported:
- Old vault format: `{"data": "","iv": "","salt": ""}`
- New vault format: `{"data": "","iv": "","keyMetadata": {"algorithm": "PBKDF2","params": {"iterations": }},"salt": ""}`
### Usage example:
- `./metamask_decryptor.bin -h {wallet_json} -w {wordlist}`
### Output example:
If the tool successfully decrypts the vault, tool will print the vault json, seed phrase and vault password
```
Decrypted Vault: '{}'
Seed Phrase: ''
Vault Password: ''
```
### Compile from source:
- If you want the latest features, compiling from source is the best option since the release version may run several revisions behind the source code.
- This assumes you have Go and Git installed
- `git clone https://github.com/cyclone-github/metamask_pwn.git` # clone repo
- `cd metamask_pwn/metamask_decryptor` # enter project directory
- `go mod init metamask_decryptor` # initialize Go module (skips if go.mod exists)
- `go mod tidy` # download dependencies
- `go build -ldflags="-s -w" .` # compile binary in current directory
- `go install -ldflags="-s -w" .` # compile binary and install to $GOPATH
- Compile from source code how-to:
- https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt