Directory Services Internals (DSInternals) PowerShell Module and Framework

Dumping DPAPI credz remotely

Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.

A C# tool to output crackable DPAPI hashes from user MasterKeys

A sort of a toolkit to decrypt Dropbox Windows DBX files

Windows DPAPI JNA Wrapper

GO Wrapper for Windows DPAPI

A DataProtect wrapper that uses DPAPI in Windows and AspNetCore.DataProtection in other platforms.

Base class for saving, encrypting, and loading application settings in a Json file

Python application to scan user's installed browsers for secrets such as stored passwords and cookies.

Console utility to view saved passwords in Chrome and export to .csv file (Windows)

Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report

A .Net Core Data Protection provider to persist keys to Sql Server

Prebuilt native module (Node.JS) to encrypt data on Windows with DPAPI.

Cross-platform PowerShell module that makes encrypting and decrypting strings (using standard cryptographic algorithms) and managing certificates easy.

example of dpapi in ruby.. CryptUnprotectData / CryptProtectData

Keytar in VS Code extension experiment

MongoDb storage for .net core DataProtection keys.