{ "id": "428f76f5-a907-4a90-a615-49fe33dab201", "created_at": "2026-04-06T00:18:42.209156Z", "updated_at": "2026-04-10T13:12:07.185953Z", "deleted_at": null, "sha1_hash": "a3a6f59964b0002cce9e7aa764657870b1592ebb", "title": "GitHub - moonD4rk/HackBrowserData: Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1430749, "plain_text": "GitHub - moonD4rk/HackBrowserData: Extract and decrypt\r\nbrowser data, supporting multiple data types, runnable on various\r\noperating systems (macOS, Windows, Linux).\r\nBy hackbrowserdata-bot[bot]\r\nArchived: 2026-04-05 15:07:08 UTC\r\nLint passing\r\n \r\nBuild passing\r\n Release no status \r\nTests passing\r\n \r\ncodecov 70%\r\nHackBrowserData is a command-line tool for decrypting and exporting browser data (passwords, history, cookies,\r\nbookmarks, credit cards, download history, localStorage and extensions) from the browser. It supports the most\r\npopular browsers on the market and runs on Windows, macOS and Linux.\r\nDisclaimer: This tool is only intended for security research. Users are responsible for all legal and\r\nrelated liabilities resulting from the use of this tool. The original author does not assume any legal\r\nresponsibility.\r\nRecent Updates\r\nFirefox 144+ Support\r\nHackBrowserData now supports decryption of saved passwords in Firefox 144 and later versions.\r\nStarting from Firefox 144, Mozilla migrated password encryption from 3DES to AES-256-CBC to enhance\r\nsecurity. HackBrowserData has been updated accordingly and remains fully compatible with the latest Firefox\r\nencryption scheme.\r\nFor more details:\r\nFirefox 144.0 Release Notes\r\nHow Firefox securely saves passwords\r\nSupported Browser\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 1 of 8\n\nWindows\r\nBrowser Password Cookie Bookmark History\r\nGoogle Chrome ✅ ✅ ✅ ✅\r\nGoogle Chrome Beta ✅ ✅ ✅ ✅\r\nChromium ✅ ✅ ✅ ✅\r\nMicrosoft Edge ✅ ✅ ✅ ✅\r\n360 Speed ✅ ✅ ✅ ✅\r\nQQ ✅ ✅ ✅ ✅\r\nBrave ✅ ✅ ✅ ✅\r\nOpera ✅ ✅ ✅ ✅\r\nOperaGX ✅ ✅ ✅ ✅\r\nVivaldi ✅ ✅ ✅ ✅\r\nYandex ✅ ✅ ✅ ✅\r\nCocCoc ✅ ✅ ✅ ✅\r\nFirefox ✅ ✅ ✅ ✅\r\nFirefox Beta ✅ ✅ ✅ ✅\r\nFirefox Dev ✅ ✅ ✅ ✅\r\nFirefox ESR ✅ ✅ ✅ ✅\r\nFirefox Nightly ✅ ✅ ✅ ✅\r\nInternet Explorer ❌ ❌ ❌ ❌\r\nMacOS\r\nBased on Apple's security policy, some browsers require a current user password to decrypt.\r\nBrowser Password Cookie Bookmark History\r\nGoogle Chrome ✅ ✅ ✅ ✅\r\nGoogle Chrome Beta ✅ ✅ ✅ ✅\r\nChromium ✅ ✅ ✅ ✅\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 2 of 8\n\nBrowser Password Cookie Bookmark History\r\nMicrosoft Edge ✅ ✅ ✅ ✅\r\nBrave ✅ ✅ ✅ ✅\r\nOpera ✅ ✅ ✅ ✅\r\nOperaGX ✅ ✅ ✅ ✅\r\nVivaldi ✅ ✅ ✅ ✅\r\nCocCoc ✅ ✅ ✅ ✅\r\nYandex ✅ ✅ ✅ ✅\r\nArc ✅ ✅ ✅ ✅\r\nFirefox ✅ ✅ ✅ ✅\r\nFirefox Beta ✅ ✅ ✅ ✅\r\nFirefox Dev ✅ ✅ ✅ ✅\r\nFirefox ESR ✅ ✅ ✅ ✅\r\nFirefox Nightly ✅ ✅ ✅ ✅\r\nSafari ❌ ❌ ❌ ❌\r\nLinux\r\nBrowser Password Cookie Bookmark History\r\nGoogle Chrome ✅ ✅ ✅ ✅\r\nGoogle Chrome Beta ✅ ✅ ✅ ✅\r\nChromium ✅ ✅ ✅ ✅\r\nMicrosoft Edge Dev ✅ ✅ ✅ ✅\r\nBrave ✅ ✅ ✅ ✅\r\nOpera ✅ ✅ ✅ ✅\r\nVivaldi ✅ ✅ ✅ ✅\r\nFirefox ✅ ✅ ✅ ✅\r\nFirefox Beta ✅ ✅ ✅ ✅\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 3 of 8\n\nBrowser Password Cookie Bookmark History\r\nFirefox Dev ✅ ✅ ✅ ✅\r\nFirefox ESR ✅ ✅ ✅ ✅\r\nFirefox Nightly ✅ ✅ ✅ ✅\r\nGetting started\r\nInstall\r\nInstallation of HackBrowserData is dead-simple, just download the release for your system and run the binary.\r\nIn some situations, this security tool will be treated as a virus by Windows Defender or other antivirus\r\nsoftware and can not be executed. The code is all open source, you can modify and compile by yourself.\r\nBuilding from source\r\nonly support go 1.20+ with go generics.\r\n$ git clone https://github.com/moonD4rk/HackBrowserData\r\n$ cd HackBrowserData/cmd/hack-browser-data\r\n$ go build\r\nCross compile\r\nHere's an example of use macOS building for Windows and Linux\r\nFor Windows\r\nGOOS=windows GOARCH=amd64 go build\r\nFor Linux\r\nGOOS=linux GOARCH=amd64 go build\r\nRun\r\nYou can double-click to run, or use command line.\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 4 of 8\n\nPS C:\\Users\\moond4rk\\Desktop\u003e .\\hack-browser-data.exe -h\r\nNAME:\r\n hack-browser-data - Export passwords|bookmarks|cookies|history|credit cards|download history|local\r\nUSAGE:\r\n [hack-browser-data -b chrome -f json --dir results --zip]\r\n Export all browsing data (passwords/cookies/history/bookmarks) from browser\r\n Github Link: https://github.com/moonD4rk/HackBrowserData\r\nVERSION:\r\n 0.4.6\r\nGLOBAL OPTIONS:\r\n --verbose, --vv verbose (default: false)\r\n --compress, --zip compress result to zip (default: false)\r\n --browser value, -b value available browsers: all|360|brave|chrome|chrome-beta|chromium|co\r\n --results-dir value, --dir value export dir (default: \"results\")\r\n --format value, -f value output format: csv|json (default: \"csv\")\r\n --profile-path value, -p value custom profile dir path, get with chrome://version\r\n --full-export, --full is export full browsing data (default: true)\r\n --help, -h show help\r\n --version, -v print the version\r\nFor example, the following is an automatic scan of the browser on the current computer, outputting the decryption\r\nresults in JSON format and compressing as zip .\r\nPS C:\\Users\\moond4rk\\Desktop\u003e .\\hack-browser-data.exe -b all -f json --dir results --zip\r\nPS C:\\Users\\moond4rk\\Desktop\u003e ls -l .\\results\\\r\n Directory: C:\\Users\\moond4rk\\Desktop\\results\r\n \r\nMode LastWriteTime Length Name\r\n---- ------------- ------ ----\r\n-a---- 7/15/2024 10:55 PM 44982 results.zip\r\nRun with custom browser profile folder\r\nIf you want to export data from a custom browser profile folder, you can use the -p parameter to specify the path\r\nof the browser profile folder. PS: use double quotes to wrap the path.\r\nPS C:\\Users\\moond4rk\\Desktop\u003e .\\hack-browser-data.exe -b chrome -p \"C:\\Users\\User\\AppData\\Local\\Micro\r\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.csv success\r\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.csv success\r\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.csv success\r\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.csv success\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 5 of 8\n\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.csv success\r\n[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.csv success\r\nContributing\r\nWe welcome and appreciate any contributions made by the community (GitHub issues/pull requests, email\r\nfeedback, etc.).\r\nPlease see the Contribution Guide before contributing.\r\nContributors\r\nRoger Aquilao Official uinfziuna8n Cyrus stevenlele Carlo Mandelli\r\nslimwang Amir. a-urth\r\nCiprian\r\nConache\r\nSantiago\r\nRamirez\r\nbeichen\r\nchleynx guoguangwu zhe6652 LC mirefly YuXJ\r\nzznQ\r\nStargazers over time\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 6 of 8\n\nstar-history.com\r\n2021 2022 2023 2024 2025 2026\r\n2K\r\n4K\r\n6K\r\n8K\r\n10K\r\n12K\r\nmoond4rk/hackbrowserdata\r\nStar History\r\nDate\r\nGitHub Stars\r\n404StarLink 2.0 - Galaxy\r\nHackBrowserData is a part of 404Team StarLink-Galaxy, if you have any questions about HackBrowserData or\r\nwant to find a partner to communicate with,please refer to the Starlink group.\r\nJetBrains OS licenses\r\nHackBrowserData had been being developed with GoLand IDE under the free JetBrains Open Source\r\nlicense(s) granted by JetBrains s.r.o., hence I would like to express my thanks here.\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 7 of 8\n\nSource: https://github.com/moonD4rk/HackBrowserData\r\nhttps://github.com/moonD4rk/HackBrowserData\r\nPage 8 of 8", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://github.com/moonD4rk/HackBrowserData" ], "report_names": [ "HackBrowserData" ], "threat_actors": [ { "id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12", "created_at": "2023-01-06T13:46:39.396409Z", "updated_at": "2026-04-10T02:00:03.312816Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "CHROMIUM", "ControlX", "TAG-22", "BRONZE UNIVERSITY", "AQUATIC PANDA", "RedHotel", "Charcoal Typhoon", "Red Scylla", "Red Dev 10", "BountyGlad" ], "source_name": "MISPGALAXY:Earth Lusca", "tools": [ "RouterGod", "SprySOCKS", "ShadowPad", "POISONPLUG", "Barlaiy", "Spyder", "FunnySwitch" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7", "created_at": "2025-08-07T02:03:24.688416Z", "updated_at": "2026-04-10T02:00:03.734754Z", "deleted_at": null, "main_name": "BRONZE UNIVERSITY", "aliases": [ "Aquatic Panda", "Aquatic Panda ", "CHROMIUM", "CHROMIUM ", "Charcoal Typhoon", "Charcoal Typhoon ", "Earth Lusca", "Earth Lusca ", "FISHMONGER ", "Red Dev 10", "Red Dev 10 ", "Red Scylla", "Red Scylla ", "RedHotel", "RedHotel ", "Tag-22", "Tag-22 " ], "source_name": "Secureworks:BRONZE UNIVERSITY", "tools": [ "Cobalt Strike", "Fishmaster", "FunnySwitch", "Spyder", "njRAT" ], "source_id": "Secureworks", "reports": null }, { "id": "6abcc917-035c-4e9b-a53f-eaee636749c3", "created_at": "2022-10-25T16:07:23.565337Z", "updated_at": "2026-04-10T02:00:04.668393Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "Bronze University", "Charcoal Typhoon", "Chromium", "G1006", "Red Dev 10", "Red Scylla" ], "source_name": "ETDA:Earth Lusca", "tools": [ "Agentemis", "AntSword", "BIOPASS", "BIOPASS RAT", "BadPotato", "Behinder", "BleDoor", "Cobalt Strike", "CobaltStrike", "Doraemon", "FRP", "Fast Reverse Proxy", "FunnySwitch", "HUC Port Banner Scanner", "KTLVdoor", "Mimikatz", "NBTscan", "POISONPLUG.SHADOW", "PipeMon", "RbDoor", "RibDoor", "RouterGod", "SAMRID", "ShadowPad Winnti", "SprySOCKS", "WinRAR", "Winnti", "XShellGhost", "cobeacon", "fscan", "lcx", "nbtscan" ], "source_id": "ETDA", "reports": null }, { "id": "d53593c3-2819-4af3-bf16-0c39edc64920", "created_at": "2022-10-27T08:27:13.212301Z", "updated_at": "2026-04-10T02:00:05.272802Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "Earth Lusca", "TAG-22", "Charcoal Typhoon", "CHROMIUM", "ControlX" ], "source_name": "MITRE:Earth Lusca", "tools": [ "Mimikatz", "PowerSploit", "Tasklist", "certutil", "Cobalt Strike", "Winnti for Linux", "Nltest", "NBTscan", "ShadowPad" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434722, "ts_updated_at": 1775826727, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a3a6f59964b0002cce9e7aa764657870b1592ebb.pdf", "text": "https://archive.orkl.eu/a3a6f59964b0002cce9e7aa764657870b1592ebb.txt", "img": "https://archive.orkl.eu/a3a6f59964b0002cce9e7aa764657870b1592ebb.jpg" } }