Releases: NeCr00/Credential-Hunting
Releases · NeCr00/Credential-Hunting
Release list
v2.4.0 — output redesign, full-secret output, coverage
Read-only credential discovery for authorized post-exploitation. Two behavior-parity engines: credshunter.sh (Linux, bash 4+) and credshunter.ps1 (Windows, PowerShell 5.1+). Each is a single self-contained script — no install, no network, no dependencies.
Highlights
- No secret is ever truncated. The 140-char preview cap is gone from the grouped Findings section and the
-o/-OutputFilelog — the complete matched line is always shown and logged. Only the live per-stage feed keeps a 2 KB safety cap (with a…(+N more)marker) so a pathological multi-KB minified/base64 line can't flood the terminal; the full value is always preserved in Findings/log. - Unified, refreshed output. Both engines render an identical layout — rounded banner, single-rule stage headers carrying
N found in Ts, inline previews under every finding,▸-bulleted Findings groups, and a dotted-leader Summary. Glyphs are Unicode on UTF-8 terminals with automatic ASCII fallback (legacy code pages / C locale), so nothing renders as mojibake. The bash live feed now shows the matched value under each finding (parity with PowerShell). - PuTTY / KiTTY coverage (Stage 1). Saved sessions are now read from every loaded user hive (
HKEY_USERS\<SID>), not justHKCU— so sessions belonging to other logged-on users (common when running as SYSTEM/admin) are no longer missed. - Stage 5. Added the
.scriptextension to the content-scan set (terminal / logon automation scripts that sometimes embed credentials).
Assets
credshunter.sh— Linux / bash enginecredshunter.ps1— Windows / PowerShell engine
Authorized security testing only · read-only · no warranty.