goLazagne

package module

v1.1.0 Latest Latest Go to latest Published: Jan 16, 2020 License: MIT Imports: 8 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kerbyj/goLazagne

Links

Open Source Insights

README ¶

goLazagne

⚠️ Disclaimer

All information provided in this project is for educational purposes only and can not be used for law violation or personal gain.
The authors of this project are not responsible for any possible harm caused by the materials of this project.
All information in this repository is intended for development of audit tools and help preventing the hack attacks.
We believe only in ethical hacking.

Description

The goLazagne is an open source library for golang used to retrieve passwords stored on local computer.

Inspired by AlessandroZ LaZagne project.

Supported features

Browsers
- Chromium-based
- Mozilla Firefox
- Internet Explorer and Edge
Mail
- Thunderbird
- [TBD] Outlook
Windows
- Credential Manager
SysAdmin tools (pre alpha, need more tests)
- Mobaxterm - user, host:port and associated key
- Putty - user, host:port and associated key
- Filezilla - user, host:port and password (encrypted if master password isset)
- Openssh
WiFi passwords

ToDo (sorted by priority level)

WPA2 Enterprise. The main difficulty is that we need an privilege escalation. Read more in zc00l research.
Windows vault
Full outlook support
Git

Special thanks

Nikolay Edigaryev for credman module

Example

package main

import (
    "github.com/kerbyj/goLazagne"
)

func main() {

    var credentials, _ = goLazagne.ExtractAllData()
    
    println("Browser creds:", len(credentials.BrowserData))
    println("Credman creds:", len(credentials.CredmanData))
    println("Wifi creds:", len(credentials.WifiData))
    
    println("\nEnumerating filesystem. Please wait")
    
    var interestingFiles = []string{
    			"ovpn",
    			"ssh",
    		}
    
    var files = goLazagne.ExtractInterestingFiles(interestingFiles)
    for fileN := range files {
        println(files[fileN])
    }

}

Documentation ¶

Index ¶

func ExtractBrowserCredentials() ([]common.UrlNamePass, int)
func ExtractChromiumCredentials() common.ExtractCredentialsResult
func ExtractCredmanData() ([]common.UrlNamePass, int)
func ExtractFirefoxCredentials() common.ExtractCredentialsResult
func ExtractIECredentials() common.ExtractCredentialsResult
func ExtractInterestingFiles(suffixes []string) []string
func ExtractMailData() ([]common.UrlNamePass, int)
func ExtractOutlookData() ([]outlook.ExtractedData, error)
func ExtractWifiData() ([]common.NamePass, int)
type AllDataStruct
- func ExtractAllData() (AllDataStruct, int)
type SysadminData
- func ExtractSysadminData() SysadminData

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ExtractBrowserCredentials ¶

func ExtractBrowserCredentials() ([]common.UrlNamePass, int)

* Common function for work with browsers. Just call and function return all saved passwords in chromium browsers and firefox

func ExtractChromiumCredentials ¶

func ExtractChromiumCredentials() common.ExtractCredentialsResult

Function that check saved credentials in chromium based browsers

func ExtractCredmanData ¶

func ExtractCredmanData() ([]common.UrlNamePass, int)

Function for extracting saved BLOBs in windows credential storage

func ExtractFirefoxCredentials ¶

func ExtractFirefoxCredentials() common.ExtractCredentialsResult

* Function that check saved credentials in firefox browser

func ExtractIECredentials ¶

func ExtractIECredentials() common.ExtractCredentialsResult

Function that check saved credentials in internet explorer and edge

func ExtractInterestingFiles ¶

func ExtractInterestingFiles(suffixes []string) []string

Function to search for files on the file system with specific suffixes.

func ExtractMailData ¶

func ExtractMailData() ([]common.UrlNamePass, int)

Function that extract saved credentials from mail software. Currently support only thunderbird

func ExtractOutlookData ¶ added in v1.1.0

func ExtractOutlookData() ([]outlook.ExtractedData, error)

Temp binding for outlook data retrieval

func ExtractWifiData ¶

func ExtractWifiData() ([]common.NamePass, int)

Function for extracting WPA2 PSK stored profiles

Types ¶

type AllDataStruct ¶

type AllDataStruct struct {
	WifiData     []common.NamePass    `json:"wifi"`
	BrowserData  []common.UrlNamePass `json:"browser"`
	CredmanData  []common.UrlNamePass `json:"credman"`
	SysadminData SysadminData         `json:"sysadmin_data"`
	Mail         []common.UrlNamePass `json:"mail"`
}

func ExtractAllData ¶

func ExtractAllData() (AllDataStruct, int)

Function in "give me all" style. The function will return everything that the program can extract from OS.

type SysadminData ¶

type SysadminData struct {
	MobaXTerm []types.MobaData      `json:"moba_x_term"`
	OpenSsh   types.OpensshData     `json:"open_ssh"`
	Putty     []types.PuttyData     `json:"putty"`
	Filezilla []types.FileZillaData `json:"filezilla"`
	Count     int                   `json:"count"`
}

func ExtractSysadminData ¶

func ExtractSysadminData() SysadminData

Source Files ¶

View all Source files

golazagne.go

Directories ¶

Path	Synopsis
browsers
common
filesystem
mail
sysadmin
types
wifi
windows

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL