Directory Services Internals (DSInternals) PowerShell Module and Framework

Dumping DPAPI credz remotely

Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.

A C# tool to output crackable DPAPI hashes from user MasterKeys

A sort of a toolkit to decrypt Dropbox Windows DBX files

Windows DPAPI JNA Wrapper

GO Wrapper for Windows DPAPI

A DataProtect wrapper that uses DPAPI in Windows and AspNetCore.DataProtection in other platforms.

Base class for saving, encrypting, and loading application settings in a Json file

Console utility to view saved passwords in Chrome and export to .csv file (Windows)

Python application to scan user's installed browsers for secrets such as stored passwords and cookies.

Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report

Cross-platform PowerShell module that makes encrypting and decrypting strings (using standard cryptographic algorithms) and managing certificates easy.

A .Net Core Data Protection provider to persist keys to Sql Server

Prebuilt native module (Node.JS) to encrypt data on Windows with DPAPI.

MongoDb storage for .net core DataProtection keys.

Keytar in VS Code extension experiment

This is a mail client that allows you to work in multiple mailboxes at the same time and encrypts all messages to protect them.