Clipboard Harvesting
Read Clipboard (PowerShell)
Continuous Monitoring
Meterpreter
Browser Saved Passwords
Chrome
Database Location
SharpChromium
SharpWeb
Mimikatz
SharpDPAPI
Firefox
Profile Location
Key Files
firefox_decrypt
LaZagne
Edge (Chromium)
Same structure as Chrome:Browser History
Chrome History
Firefox History
Bookmarks
Chrome
All-in-One Tools
LaZagne
Extracts credentials from all browsers + many applications.SessionGopher (PowerShell)
Extracts saved sessions from PuTTY, WinSCP, FileZilla, RDP.Quick Reference
| Target | Tool |
|---|---|
| Clipboard | Get-Clipboard / Meterpreter extapi |
| Chrome/Edge passwords | SharpChromium / Mimikatz DPAPI |
| Firefox passwords | firefox_decrypt / LaZagne |
| All browsers | LaZagne / SharpWeb |
| PuTTY/WinSCP/RDP sessions | SessionGopher |
| Browser history | sqlite3 on History/places.sqlite |