KeeFarce
KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%. KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload). The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method. An appropriate build of KeeFarce needs to be used depending on the KeePass target's architecture (32 bit or 64 bit). Archives and their shasums can be found under the 'prebuilt' directory. In order to execute on the target host, the following files need to be in the same folder: BootstrapDLL.dll, KeeFarce.exe, KeeFarceDLL.dll, Microsoft.Diagnostic.Runtime.dll. Copy these files across to the target and execute Kee.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Jamf Connect is an identity and access management solution that provides cloud-based authentication, password synchronization, and Zero Trust Network Access for Mac and mobile devices.
An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.
A list of disposable email domains to detect or block disposable accounts
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
Akamai Account Protector is a cybersecurity tool that prevents account abuse by detecting and mitigating fraudulent activities through user behavior analysis and real-time risk scoring.
The Ping Identity Platform is an enterprise identity and access management solution that provides authentication, authorization, and identity governance capabilities with flexible deployment options for securing customer, workforce, and partner identities.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.