KeePwn 0.5 introduces a full rework of the search module, including options to check if KeePass.exe is currently running on the remote host, multi-threaded parallelization and results export to CSV.
Features & Roadmap
- KeePass Discovery
  - Look for KeePass installation files through SMB C$ share (global installation only).
  - Accept multiple target sources (IP, CIDR, hostname, file).
  - Check for KeePass metadata (version, last access time).
  - Check for running KeePass process through Impacket-based RPC. 🆕
  - Multi-threaded implementation to avoid bottleneck hosts. 🆕
  - Export search results to CSV. 🆕
  - Find KDBX databases.
- KeePass Plugin Abuse
  - Add and remove KeePass plugins (see KeeFarce Reborn) through SMB C$ share.
  - Retrieve cleartext exports on the remote host.
- KeePass Trigger Abuse
  - Add and remove triggers (see KeeThief) from KeePass configuration file through SMB C$ share.
  - Retrieve cleartext exports on the remote host.
  - Customize triggers with command line arguments.
- KeePass Dump Parsing
  - Parse memory dumps to find master password candidates (CVE-2023-32784).
  - Parse memory dumps to find encryption key.
- KeePass Database Cracking
  - Convert KDBX to John and Hashcat compatible formats.
  - Add support for KDBX 4.x format.
- Authentication
  - Support LM/NT hash authentication.
  - Support Kerberos authentication.
- Miscellaneous
  - Write unit tests.
  - Make the project available on PyPI.