Credentials Collectors

Infection Monkey has multiple ways to steal credentials from compromised machines:


The Chrome Credentials Collector steals saved credentials from Chrome-based browsers.
On Linux, it targets Google Chrome and Chromium. On Windows, it targets Google Chrome
and Microsoft Edge.


The Mimikatz Credentials Collector uses pypykatz (a pure-Python implementation of mimikatz)
to steal credentials from Windows Credential Manager.


The SSH Credentials Collector steals SSH keys from Linux users.

For every user on the system, it locates the /home/<user>/.ssh directory and steals the keypairs stored there. The supported private key types are RSA, DSA, EC, and ECDSA.
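To see what the SSH collector would find on a host, a defender can inventory the private keys under each user's .ssh directory and flag those with no passphrase or with loose file permissions. The script below is an added example, not Infection Monkey code: the function names and the sample tree are constructed for illustration, and the check of the newer OpenSSH key container goes beyond the PEM key types listed above.

```python
import base64
import tempfile
from pathlib import Path

# PEM labels for the key types the page lists; the OpenSSH container can hold any of them.
LEGACY = {"RSA PRIVATE KEY": "RSA", "DSA PRIVATE KEY": "DSA", "EC PRIVATE KEY": "EC/ECDSA"}
MAGIC = b"openssh-key-v1\x00"

def classify_key(text):
    """Return (key_type, passphrase_protected), or None if text is not a private key."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return None
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label in LEGACY:  # legacy PEM marks encryption in a Proc-Type header
        return LEGACY[label], any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        rest = blob[len(MAGIC):]
        n = int.from_bytes(rest[:4], "big")  # cipher name is a length-prefixed string
        if blob.startswith(MAGIC) and 0 < n <= len(rest) - 4:
            return "OpenSSH", rest[4:4 + n] != b"none"  # cipher "none" means no passphrase
    return None

def audit_ssh_dirs(home_root):
    """Report every private key under <home_root>/<user>/.ssh and how exposed it is."""
    findings = []
    for path in sorted(Path(home_root).glob("*/.ssh/*")):
        try:
            result = classify_key(path.read_text(errors="replace"))
        except OSError:
            continue  # a directory, or not readable by the auditing account
        if result:  # last field: True when the mode grants access beyond the owner
            findings.append((path.parent.parent.name, path.name, *result, bool(path.stat().st_mode & 0o077)))
    return findings

def build_sample_home():
    """Constructed sample tree: dummy key bodies, not real key material."""
    root = Path(tempfile.mkdtemp())
    ossh = base64.b64encode(MAGIC + (4).to_bytes(4, "big") + b"none" + b"\x00" * 8).decode()
    samples = {"alice/.ssh/id_rsa": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n", 0o600),
               "bob/.ssh/id_ecdsa": (f"-----BEGIN OPENSSH PRIVATE KEY-----\n{ossh}\n-----END OPENSSH PRIVATE KEY-----\n", 0o644)}
    for rel, (body, mode) in samples.items():
        (root / rel).parent.mkdir(parents=True)
        (root / rel).write_text(body)
        (root / rel).chmod(mode)
    return root
```

Calling audit_ssh_dirs("/home") on a real host returns one tuple per key: user, file name, key type, whether it is passphrase-protected, and whether its mode is readable beyond the owner.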