Credential collectors

Infection Monkey has multiple ways to steal credentials from compromised machines:

Chrome

The Chrome Credentials Collector steals saved credentials from Chrome-based browsers.
On Linux, it targets Google Chrome and Chromium. On Windows, it targets Google Chrome
and Microsoft Edge.

Mimikatz

The Mimikatz Credentials Collector uses pypykatz (a pure-Python implementation of mimikatz)
to steal credentials from Windows Credential Manager.

SSH

The SSH Credentials Collector steals SSH keys from Linux users.

For each user on the system, it locates the /home/<user>/.ssh directory and steals the keypairs found there. The supported private key types are RSA, DSA, EC, and ECDSA.
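As an added defender-side check (example code, not Infection Monkey's own), the audit below walks the same /home/<user>/.ssh directories the collector does and reports each private key's type and whether it is passphrase-protected, which is what decides whether a stolen keypair is immediately usable. It reads the legacy PEM header and the openssh-key-v1 cipher/kdf fields; the two fixture keys it creates are constructed stubs, not real key material.

```python
import base64, re, stat, tempfile
from pathlib import Path
PEM_TYPES = {"RSA PRIVATE KEY": "RSA", "DSA PRIVATE KEY": "DSA", "EC PRIVATE KEY": "EC"}
MAGIC = b"openssh-key-v1\0"

def _pack(*parts):  # length-prefixed strings, as used by the openssh-key-v1 format
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)
def _unpack(blob, pos):  # read one length-prefixed string; returns (value, next_pos)
    n = int.from_bytes(blob[pos:pos + 4], "big")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def classify_key(text):
    """Return (key_type, passphrase_protected), or None if text is not a private key."""
    m = re.search(r"-----BEGIN ([A-Z ]+?)-----", text)
    label = m.group(1) if m else ""
    if label in PEM_TYPES:  # legacy PEM flags encryption with a Proc-Type header
        return PEM_TYPES[label], "Proc-Type: 4,ENCRYPTED" in text
    if label != "OPENSSH PRIVATE KEY":
        return None
    blob = base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", text))
    if not blob.startswith(MAGIC):
        return None
    cipher, pos = _unpack(blob, len(MAGIC))
    kdf, pos = _unpack(blob, pos)
    _, pos = _unpack(blob, pos)             # kdf options
    pubkey, _ = _unpack(blob, pos + 4)      # skip uint32 key count; public part is stored in the clear
    key_type = _unpack(pubkey, 0)[0].decode()   # e.g. ssh-rsa, ecdsa-sha2-nistp256
    return key_type, cipher != b"none" or kdf != b"none"

def audit_ssh_dirs(home_root):
    """Inventory private keys under <home_root>/*/.ssh, the paths the collector walks."""
    findings = []
    for path in sorted(Path(home_root).glob("*/.ssh/*")):
        if path.suffix == ".pub" or not path.is_file():
            continue
        info = classify_key(path.read_text(errors="replace"))
        if info:
            mode = stat.S_IMODE(path.stat().st_mode)
            findings.append({"path": str(path), "type": info[0], "protected": info[1], "readable_by_others": bool(mode & 0o044)})
    return findings

def build_sample_home():
    """Constructed fixture, not real keys: an unprotected RSA PEM and a bcrypt-protected OpenSSH stub."""
    root = Path(tempfile.mkdtemp())
    for user in ("alice", "bob"): (root / user / ".ssh").mkdir(parents=True)
    (root / "alice/.ssh/id_rsa").write_text("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n")
    blob = MAGIC + _pack(b"aes256-ctr", b"bcrypt", b"") + b"\0\0\0\1" + _pack(_pack(b"ecdsa-sha2-nistp256"))
    body = base64.b64encode(blob).decode()
    (root / "bob/.ssh/id_ecdsa").write_text(f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n")
    return root
```

Run it against a real /home with `audit_ssh_dirs("/home")`; any finding with `protected: False` is a keypair this collector could use as-is.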