{
	"id": "fa1995ae-ab89-4752-8d29-0228a67aafb6",
	"created_at": "2026-04-06T00:11:03.153802Z",
	"updated_at": "2026-04-10T13:12:09.501202Z",
	"deleted_at": null,
	"sha1_hash": "25de8ba5ea8eb2207082a797ac6542ff10e08a6a",
	"title": "GitHub - orlyjamie/mimikittenz: A post-exploitation powershell tool for extracting juicy info from memory.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 100017,
	"plain_text": "GitHub - orlyjamie/mimikittenz: A post-exploitation powershell\r\ntool for extracting juicy info from memory.\r\nBy orlyjamie\r\nArchived: 2026-04-05 16:17:34 UTC\r\nmimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in\r\norder to extract plain-text passwords from various target processes.\r\nmimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including\r\nbut not limited to:\r\nTRACK2 (CreditCard) data from merchant/POS processes\r\nPII data\r\nEncryption Keys \u0026 All the other goodstuff\r\nnote: This tool is targeting running process memory address space, once a process is killed it's memory 'should' be\r\ncleaned up and inaccessible however there are some edge cases in which this does not happen.\r\nScreenshot(s)\r\nDescription\r\nhttps://github.com/putterpanda/mimikittenz\r\nPage 1 of 3\n\nThe aim of mimikittenz is to provide user-level (non-admin privileged) sensitive data extraction in order to\r\nmaximise post exploitation efforts and increase value of information gathered per target.\r\nCurrently mimikittenz is able to extract the following credentials from memory:\r\n#####Webmail#####\r\nGmail\r\nOffice365\r\nOutlook Web\r\n#####Accounting#####\r\nXero\r\nMYOB\r\n#####Remote Access#####\r\nJuniper SSL-VPN\r\nCitrix NetScaler\r\nRemote Desktop Web Access 2012\r\n#####Development#####\r\nJira\r\nGithub\r\nBugzilla\r\nZendesk\r\nCpanel\r\n#####IHateReverseEngineers#####\r\nMalwr\r\nVirusTotal\r\nAnubisLabs\r\n#####Misc#####\r\nDropbox\r\nMicrosoft Onedrive\r\nAWS Web Services\r\nSlack\r\nTwitter\r\nFacebook\r\nLicense\r\nhttps://github.com/putterpanda/mimikittenz\r\nPage 2 of 3\n\nhttps://creativecommons.org/licenses/by/4.0/\r\nCustomization\r\nCustom regex - The syntax for adding custom regex is as follows:\r\n[mimikittenz.MemProcInspector]::AddRegex(\"\u003cNameOfTarget\u003e\",\"\u003cregex_here\u003e\")\r\nCustom target process - Just append your target process name into the array:\r\n[mimikittenz.MemProcInspector]::InspectManyProcs(\"iexplore\",\"chrome\",\"firefox\")\r\nContributions\r\nI'd love to see the list of regex's and target processe's grow in order to build a comprehensive post-exploitaiton hit\r\nlist.\r\nSource: https://github.com/putterpanda/mimikittenz\r\nhttps://github.com/putterpanda/mimikittenz\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/putterpanda/mimikittenz"
	],
	"report_names": [
		"mimikittenz"
	],
	"threat_actors": [],
	"ts_created_at": 1775434263,
	"ts_updated_at": 1775826729,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/25de8ba5ea8eb2207082a797ac6542ff10e08a6a.pdf",
		"text": "https://archive.orkl.eu/25de8ba5ea8eb2207082a797ac6542ff10e08a6a.txt",
		"img": "https://archive.orkl.eu/25de8ba5ea8eb2207082a797ac6542ff10e08a6a.jpg"
	}
}