Skip to content

C# tool to discover low hanging fruits

Notifications You must be signed in to change notification settings

EncodeGroup/Gopher

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Gopher

If a credential is there... Gopher will find it!

Will search for low hanging fruits and useful information for escalation on a compromised workstation.

Plays nice with execute-assembly.

Digs the following holes:

  • McAfee repository list files
  • Cached GPP files
  • Unattended installation files
  • PowerShell history files
  • AWS credential files
  • Azure credential files
  • Google Cloud credential files
  • RDP sessions
  • PuTTY sessions
  • SuperPuTTY sessions
  • WinSCP sessions
  • FileZilla sessions
  • VNC settings
  • TeamViewer settings
  • PulseSecure saved passwords

Detection

Consider placing SACLs to specific registry keys with the use of Set-AuditRule

Author

@eksperience