Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kerbyj/goLazagne

Go library for credentials recovery
https://github.com/kerbyj/goLazagne

chrome credential-manager credentials-gathering firefox golang golang-library hack password-manager password-recovery password-retrieval password-safety penetration-testing pentest-tool pentesting-windows security summer-of-hack

Last synced: 22 days ago
JSON representation

Go library for credentials recovery

Host: GitHub
URL: https://github.com/kerbyj/goLazagne
Owner: kerbyj
License: mit
Created: 2018-12-12T22:47:25.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2022-09-07T13:00:28.000Z (over 2 years ago)
Last Synced: 2024-09-25T09:05:29.706Z (3 months ago)
Topics: chrome, credential-manager, credentials-gathering, firefox, golang, golang-library, hack, password-manager, password-recovery, password-retrieval, password-safety, penetration-testing, pentest-tool, pentesting-windows, security, summer-of-hack
Language: Go
Homepage:
Size: 224 KB
Stars: 214
Watchers: 4
Forks: 40
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - kerbyj/goLazagne - Go library for credentials recovery (Go)

README

        # goLazagne



  



---

## ⚠ Disclaimer

1. All information provided in this project is for educational purposes only and can not be used for law violation or personal gain.

2. The authors of this project are not responsible for any possible harm caused by the materials of this project.

3. All information in this repository is intended for development of audit tools and help preventing the hack attacks.

4. We believe only in ethical hacking.

---

## Description

The **goLazagne** is an open source library for golang used to retrieve passwords stored on local computer.

Inspired by AlessandroZ [LaZagne](https://github.com/AlessandroZ/LaZagne) project.

## Install

```bash

go get github.com/kerbyj/goLazagne

```

### Example

```go

package main

import (

    "github.com/kerbyj/goLazagne"

)

func main() {

    var credentials, _ = goLazagne.ExtractAllData()

    

    println("Browser creds:", len(credentials.BrowserData))

    println("Credman creds:", len(credentials.CredmanData))

    println("Wifi creds:", len(credentials.WifiData))

    

    println("\nEnumerating filesystem. Please wait")

    

    var interestingFiles = []string{

    			"ovpn",

    			"ssh",

    		}

    

    var files = goLazagne.ExtractInterestingFiles(interestingFiles)

    for fileN := range files {

        println(files[fileN])

    }

}

```

If you want to compile this project on Linux system:

```shell script

apt install gcc-multilib

apt install gcc-mingw-w64

CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 go build -buildmode=exe

```

## Supported features

* Browsers

	* Chromium-based

	* Mozilla Firefox

	* Internet Explorer and Edge

* Mail

    * Thunderbird

    * [TBD] Outlook 

* Windows

    * Credential Manager

    

* SysAdmin tools (pre alpha, need more tests)

    * Mobaxterm - user, host:port and associated key

    * Putty - user, host:port and associated key

    * Filezilla - user, host:port and password (encrypted if master password isset)

    * Openssh

* WiFi passwords

	

## ToDo (sorted by priority level)

- [ ] Rewrite Mozilla extractor

- [ ] WPA2 Enterprise. The main difficulty is that we need an privilege escalation. Read more in zc00l [research](https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html).

- [ ] Windows vault

- [ ] Full outlook support

- [ ] Git 

    

## Special thanks

* [Nikolay Edigaryev](https://github.com/edigaryev) for [credman](https://github.com/kerbyj/goLazagne/blob/master/windows/credman.go) module