Directory Services Internals (DSInternals) PowerShell Module and Framework

Dumping DPAPI credz remotely

Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.

DPAPI looting remotely and locally in Python

A C# tool to output crackable DPAPI hashes from user MasterKeys

A sort of a toolkit to decrypt Dropbox Windows DBX files

GO Wrapper for Windows DPAPI

Windows DPAPI JNA Wrapper

A DataProtect wrapper that uses DPAPI in Windows and AspNetCore.DataProtection in other platforms.

Python application to scan user's installed browsers for secrets such as stored passwords and cookies.

Base class for saving, encrypting, and loading application settings in a Json file

Console utility to view saved passwords in Chrome and export to .csv file (Windows)

Prebuilt native module (Node.JS) to encrypt data on Windows with DPAPI.

Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report

A .Net Core Data Protection provider to persist keys to Sql Server

Cross-platform PowerShell module that makes encrypting and decrypting strings (using standard cryptographic algorithms) and managing certificates easy.

PrySec - Privacy & Security framework for your .NET applications

MongoDb storage for .net core DataProtection keys.