KeeFarce Logo

KeeFarce

0
Free
Visit Website

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%. KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload). The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method. An appropriate build of KeeFarce needs to be used depending on the KeePass target's architecture (32 bit or 64 bit). Archives and their shasums can be found under the 'prebuilt' directory. In order to execute on the target host, the following files need to be in the same folder: BootstrapDLL.dll, KeeFarce.exe, KeeFarceDLL.dll, Microsoft.Diagnostic.Runtime.dll. Copy these files across to the target and execute Kee.

FEATURES

ALTERNATIVES

DumpsterDiver is a tool for analyzing big volumes of data to find hardcoded secrets like keys and passwords.

Free

BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.

Free

A simple drop-in library for managing users, permissions, and groups in your application.

Free

Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.

Commercial

Tool for visualizing and analyzing control paths in Active Directory to determine access privileges and permissions.

Free

OpenIAM offers a unified identity governance platform featuring CIAM, MFA, and PAM integration.

Free

Find leaked credentials by scanning repositories for high entropy strings.

Free

A tool for searching through public EBS snapshots for secrets, organized as an Elastic Beanstalk application.

Free

PINNED

InfoSecHired Logo

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Commercial
Resources
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Free
Resources
Kriptos Logo

Kriptos

An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.

Commercial
Data Protection
System Two Security Logo

System Two Security

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Commercial
Security Operations
Aikido Security Logo

Aikido Security

Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Commercial
Application Security
Permiso Logo

Permiso

Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Commercial
IAM
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial
Cloud Security
Adversa AI Logo

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial
AI Security