Skip to content

Releases: NeCr00/Credential-Hunting

v2.4.0 — output redesign, full-secret output, coverage

Choose a tag to compare

@NeCr00 NeCr00 released this 01 Jul 13:22

Read-only credential discovery for authorized post-exploitation. Two behavior-parity engines: credshunter.sh (Linux, bash 4+) and credshunter.ps1 (Windows, PowerShell 5.1+). Each is a single self-contained script — no install, no network, no dependencies.

Highlights

  • No secret is ever truncated. The 140-char preview cap is gone from the grouped Findings section and the -o / -OutputFile log — the complete matched line is always shown and logged. Only the live per-stage feed keeps a 2 KB safety cap (with a …(+N more) marker) so a pathological multi-KB minified/base64 line can't flood the terminal; the full value is always preserved in Findings/log.
  • Unified, refreshed output. Both engines render an identical layout — rounded banner, single-rule stage headers carrying N found in Ts, inline previews under every finding, -bulleted Findings groups, and a dotted-leader Summary. Glyphs are Unicode on UTF-8 terminals with automatic ASCII fallback (legacy code pages / C locale), so nothing renders as mojibake. The bash live feed now shows the matched value under each finding (parity with PowerShell).
  • PuTTY / KiTTY coverage (Stage 1). Saved sessions are now read from every loaded user hive (HKEY_USERS\<SID>), not just HKCU — so sessions belonging to other logged-on users (common when running as SYSTEM/admin) are no longer missed.
  • Stage 5. Added the .script extension to the content-scan set (terminal / logon automation scripts that sometimes embed credentials).

Assets

  • credshunter.sh — Linux / bash engine
  • credshunter.ps1 — Windows / PowerShell engine

Authorized security testing only · read-only · no warranty.