Skip to main content

Extract WinSCP Credentials from any Windows System or winscp config file

Project description

WinSCP Password Extractor

WinSCP stores ssh session passwords in an encoded format in either the registry or a config file called WinSCP.ini.

This python script searches in the WinSCP default locations to extract stored credentials for the current user, when executed locally on the target. If a WinSCP.ini config file is already present the script can decode stored credentials as seen below. To gather WinSCP credentials from a remote target or a range of targets there is a module present for the pentesting Tool CrackMapExec called "winscp_dump".

These default locations are:

  • registry
  • %APPDATA%\WinSCP.ini
  • %USER%\Documents\WinSCP.ini

Installation

WinSCPPasswdExtractor is available on pypi.org. Therefore it is recommended to install this tool with pipx:

pipx install WinSCPPasswdExtractor

Alternatively you could install it with pip or simply download the file and run it.

Usage

You can either specify a file path if you know the exact path to an existing WinSCP.ini file or you let the tool itself look if any credentials are stored in the default locations.

With pipx:

WinSCPPasswdExtractor
WinSCPPasswdExtractor <path-to-winscp-file>

Manually downloaded:

python WinSCPPasswdExtractor.py
python WinSCPPasswdExtractor.py <path-to-winscp-file>

About

This Tool is based on the work of winscppasswd, the ruby winscp parser from Metasploit-Framework and the awesome work from winscppassword.

They did the hard stuff

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

winscppasswdextractor-1.1.0.tar.gz (3.8 kB view details)

Uploaded Source

Built Distribution

winscppasswdextractor-1.1.0-py3-none-any.whl (4.6 kB view details)

Uploaded Python 3

File details

Details for the file winscppasswdextractor-1.1.0.tar.gz.

File metadata

  • Download URL: winscppasswdextractor-1.1.0.tar.gz
  • Upload date:
  • Size: 3.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.4.2 CPython/3.9.2 Linux/5.15.103-1.qubes.fc32.x86_64

File hashes

Hashes for winscppasswdextractor-1.1.0.tar.gz
Algorithm Hash digest
SHA256 d1544d21ad4ad741accac135c4db27a02d3a79008ffb801deca97019411c8e55
MD5 8d0e3dbb82c56b239f076ca871508d70
BLAKE2b-256 e61312b8a2c1082bd23962260364a575168bd7fcf16d873588c5264050be36a4

See more details on using hashes here.

Provenance

File details

Details for the file winscppasswdextractor-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for winscppasswdextractor-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6076a83122e0ef97904078021080a99100b759bb72b5ffaa2674db585c63fef4
MD5 8d83a988172b02ee12400f23c95843b9
BLAKE2b-256 ff7e25bffc882b99b5a42caaa839dc9755e4c2d5e009d1869343a42e866d9d9a

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page