https://github.com/qwqdanchun/Pillager
Pillager是一个适用于后渗透期间的信息收集工具
https://github.com/qwqdanchun/Pillager
recovery redteam shellcode
Last synced: 3 months ago
JSON representation
Pillager是一个适用于后渗透期间的信息收集工具
- Host: GitHub
- URL: https://github.com/qwqdanchun/Pillager
- Owner: qwqdanchun
- License: mit
- Created: 2023-04-23T23:07:50.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-07T15:37:56.000Z (9 months ago)
- Last Synced: 2025-03-30T18:07:40.017Z (3 months ago)
- Topics: recovery, redteam, shellcode
- Language: C#
- Homepage:
- Size: 302 KB
- Stars: 1,075
- Watchers: 9
- Forks: 110
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - qwqdanchun/Pillager - Pillager是一个适用于后渗透期间的信息收集工具 (C# #)
- StarryDivineSky - qwqdanchun/Pillager
README
# Pillager
[](LICENSE)
[](https://github.com/qwqdanchun/Pillager/releases)
[中文说明](./README_ZH.md)
## Introduction
Pillager is a tool for exporting and decrypting useful data from target computer.
## Support
#### Browser
| Browser Name | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
| :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
| IE | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ |
| Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chrome SxS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
| QQBrowser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | 🚧 | 🚧 |
| 360Chrome | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| 360ChromeX | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Vivaldi | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| CocCoc | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Torch | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Kometa | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Orbitum | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| CentBrowser | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| 7Star | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Sputnik | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Epic Privacy | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Uran | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Yandex | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Opera | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| Opera GX | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
| FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
✅ Support,🚧 Haven't Tested,❌ Not Support
#### Software
* Acount Takeover
* Telegram
* Skype
* Enigma
* DingTalk
* Line
* Discord
* MailMaster
* Foxmail
* FileZilla
* Teams
* Password Recovery
* MobaXterm
* Xmanager
* RDCMan
* FinalShell
* Navicat
* SQLyog
* SecureCRT
* Outlook
* MailBird
* WinSCP
* DBeaver
* CoreFTP
* Snowflake
* HeidiSQL
* Personal Infomation
* QQ
* VSCode
* Netease CloudMusic
* Win10Ms_Pinyin
Will add more ......
#### System
* Wifi
* ScreenShot
* InstalledApp
* ClipBoard
* FileList
* RecentFile
* SystemInfo
* TaskList
## Usage
This project uses Github Action to auto build and upload the [Release](https://github.com/qwqdanchun/Pillager/releases)
* [Pillager.exe](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.exe) is exe for .Net Framework v3.5
* [Pillager.bin](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/Pillager.bin) is shellcode built with Donut
* [cs-plugin.zip](https://github.com/qwqdanchun/Pillager/releases/download/AutoBuild/cs-plugin.zip) is plugin for CobaltStrike
Pillager.exe is just for testing. It will be detect as malware by most Anti-Virus softwares.
Run the shellcode in your way, and find the result at `%Temp%\Pillager.zip`.
## Feature
* Shellcode file size is less than 100kb
* Using self version of Donut,shellcode is suitable for both .Net Framework v3.5/v4.x
## Contributors
## 404 StarLink Project
Pillager has joined [404星链计划](https://github.com/knownsec/404StarLink)