Metadata-Version: 2.3
Name: WinSCPPasswdExtractor
Version: 1.2.0
Summary: Extract WinSCP Credentials from any Windows System, winscp config file or recovered user registry hive file
License: MIT
Author: Alexander Neff
Author-email: alex99.neff@gmx.de
Requires-Python: >=3.7,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: python-registry (>=1.3.1,<2.0.0)
Project-URL: Homepage, https://github.com/NeffIsBack/WinSCPPasswdExtractor
Project-URL: Repository, https://github.com/NeffIsBack/WinSCPPasswdExtractor
Description-Content-Type: text/markdown

![Supported Python versions](https://img.shields.io/badge/python-3.7+-blue.svg) [![Twitter](https://img.shields.io/twitter/follow/al3x_n3ff?label=al3x_n3ff&style=social)](https://twitter.com/intent/follow?screen_name=al3x_n3ff)
# WinSCP Password Extractor
WinSCP stores ssh session passwords in an encoded format in either the registry or a config file called WinSCP.ini.

This python script searches in the WinSCP default locations to extract stored credentials for the current user, when executed locally on the target. If a WinSCP.ini config file is already present the script can decode stored credentials as seen below. To gather WinSCP credentials from a remote target or a range of targets there is a module present for the pentesting Tool [NetExec](https://github.com/Pennyw0rth/NetExec) called "winscp".

These default locations are:
- registry
- %APPDATA%\WinSCP.ini
- %USER%\Documents\WinSCP.ini

Alternatively, a registry hive can be decrypted locally if it has been exported from the target (`NTUSER.DAT` file from the user home folder).

## Installation
WinSCPPasswdExtractor is available on pypi.org. Therefore it is recommended to install this tool with pipx:
```python3
pipx install WinSCPPasswdExtractor
```
Alternatively you could install it with pip or simply download the file and run it.

## Usage
You can either specify a file path if you know the exact path to an existing WinSCP.ini file or you let the tool itself look if any credentials are stored in the default locations. If the provided file is a recovered registry hive, pass the `-r` or `--registry` flag.

With pipx:
```python3
WinSCPPasswdExtractor
WinSCPPasswdExtractor --path <path-to-winscp-file>
WinSCPPasswdExtractor --path <path-to-ntuser-hive-file> --registry
```

Manually downloaded:
```python3
python WinSCPPasswdExtractor.py
python WinSCPPasswdExtractor.py --path <path-to-winscp-file>
python WinSCPPasswdExtractor.py --path <path-to-ntuser-hive-file> --registry

```

## About
This Tool is based on the work of [winscppasswd](https://github.com/anoopengineer/winscppasswd), the ruby winscp parser from [Metasploit-Framework](https://github.com/rapid7/metasploit-framework) and the awesome work from [winscppassword](https://github.com/dzxs/winscppassword).

They did the hard stuff

