{ "id": "785b4e35-2cc1-4f9a-932a-9b8384323853", "created_at": "2026-04-06T00:06:30.279884Z", "updated_at": "2026-04-10T13:11:59.904098Z", "deleted_at": null, "sha1_hash": "3782e5358c3a2088610d2b6fdb6fa61cf443f8aa", "title": "GitHub - QAX-A-Team/BrowserGhost: 这是一个抓取浏览器密码的工具,后续会添加更多功能", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 155323, "plain_text": "GitHub - QAX-A-Team/BrowserGhost: 这是一个抓取浏览器密码\r\n的工具,后续会添加更多功能\r\nBy n0thing0x01\r\nArchived: 2026-04-05 16:48:02 UTC\r\nC:\\Users\\Administrator\\Desktop\u003eBrowserGhost.exe\r\n[+] Current user Administrator\r\n[*] [4764] [explorer] [Administrator]\r\n[*] Impersonate user Administrator\r\n[*] Current user Administrator\r\n===============Chrome=============\r\n[*]Get Chrome Login Data\r\n[+] Copy C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data to C:\\Users\\Ad\r\n[URL] -\u003e https://xui.ptlogin2.qq.com/cgi-bin/xlogin\r\n[USERNAME] -\u003e n0thing@gmail.com\r\n[PASSWORD] -\u003e Iloveprettygirls\r\n[+] Delete File C:\\Users\\Administrator\\AppData\\Local\\Temp\\tmp6B9F.tmp\r\n[*]Get Chrome Bookmarks\r\n{\r\n \"checksum\": \"eee70b132cc4f9644d01f989e18fdb38\",\r\n \"roots\": {\r\n \"bookmark_bar\": {\r\n \"children\": [ {\r\n \"date_added\": \"13236861887917624\",\r\n \"guid\": \"c5df2041-d745-4173-af39-b5c48f8d98a2\",\r\n \"id\": \"5\",\r\n \"name\": \"GitHub\",\r\n \"type\": \"url\",\r\n \"url\": \"https://github.com/\"\r\n } ],\r\n \"date_added\": \"13236861618031351\",\r\n \"date_modified\": \"13236861887917624\",\r\n \"guid\": \"00000000-0000-4000-a000-000000000002\",\r\n \"id\": \"1\",\r\n \"name\": \"书签栏\",\r\n \"type\": \"folder\"\r\n },\r\n \"other\": {\r\n \"children\": [ ],\r\nhttps://github.com/QAX-A-Team/BrowserGhost\r\nPage 1 of 3\n\n\"date_added\": \"13236861618031378\",\r\n \"date_modified\": \"0\",\r\n \"guid\": \"00000000-0000-4000-a000-000000000003\",\r\n \"id\": \"2\",\r\n \"name\": \"其他书签\",\r\n \"type\": \"folder\"\r\n },\r\n \"synced\": {\r\n \"children\": [ ],\r\n \"date_added\": \"13236861618031381\",\r\n \"date_modified\": \"0\",\r\n \"guid\": \"00000000-0000-4000-a000-000000000004\",\r\n \"id\": \"3\",\r\n \"name\": \"移动设备书签\",\r\n \"type\": \"folder\"\r\n }\r\n },\r\n \"version\": 1\r\n}\r\n[*]Get Chrome Cookie\r\n[+] Copy C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies to C:\\Users\\Admin\r\n[github.com] _device_id=516175fxxxxxxxxx90133c2\r\n[.github.com] _octo=GH1.1.3xxxxxxxxx5173\r\n[.google.com] NID=204=DEIRBPT8FML_IsHGv1B2xxxxxxxxxxxxxxxxxxxSRlaNRV3-nfhFV8aHAgO6Smtf4JXQqR-W63p0\r\n[+] Delete File C:\\Users\\Administrator\\AppData\\Local\\Temp\\tmp6D94.tmp\r\n[*]Get Chrome History\r\n[+] Copy C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History to C:\\Users\\Admin\r\nhttp://github.com/ The world’s leading software development platform · GitHub\r\nhttps://github.com/ GitHub\r\nhttps://github.com/login Sign in to GitHub · GitHub\r\n[+] Delete File C:\\Users\\Administrator\\AppData\\Local\\Temp\\tmp6E32.tmp\r\n===============IE=============\r\n[*]Get IE Books\r\nC:\\Users\\Administrator\\Favorites\\Sign in to GitHub · GitHub.url\r\nURL=https://github.com/session\r\n[*]Get IE Password\r\nVault Type : Web Credentials\r\nResource : https://github.com/\r\nIdentity : n0thing@gmail.com\r\nCredential : Iloveprettygirls\r\nhttps://github.com/QAX-A-Team/BrowserGhost\r\nPage 2 of 3\n\nLastModified : 2020/6/17 7:08:50\r\n[*]Get IE History\r\nhttps://github.com/login\r\nhttps://github.com/join\r\nhttps://github.com/john\r\nhttps://github.com/sign\r\nhttp://github.com/\r\nhttp://go.microsoft.com/fwlink/p/?LinkId=255141\r\n[*] Recvtoself\r\n[*] Current user Administrator\r\nSource: https://github.com/QAX-A-Team/BrowserGhost\r\nhttps://github.com/QAX-A-Team/BrowserGhost\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://github.com/QAX-A-Team/BrowserGhost" ], "report_names": [ "BrowserGhost" ], "threat_actors": [], "ts_created_at": 1775433990, "ts_updated_at": 1775826719, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3782e5358c3a2088610d2b6fdb6fa61cf443f8aa.pdf", "text": "https://archive.orkl.eu/3782e5358c3a2088610d2b6fdb6fa61cf443f8aa.txt", "img": "https://archive.orkl.eu/3782e5358c3a2088610d2b6fdb6fa61cf443f8aa.jpg" } }