Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
ID: 3c0a0371-ea86-5f62-94aa-060cac3edcd7
STIX ID: report--3c0a0371-ea86-5f62-94aa-060cac3edcd7
Feed Name: Darknet
DumpBrowserSecrets is a post‑exploitation credential‑harvesting tool that extracts browser-stored secrets (saved logins, session cookies, OAuth refresh tokens, credit card data, autofill and history) from Chromium-based and Firefox browsers. It bypasses Chrome's App‑Bound Encryption by launching a headless Chromium process and injecting a DLL to use the IElevator COM interface. It handles DPAPI and NSS decryption for other browsers, includes evasion techniques (string obfuscation, API hashing, PPID/argument spoofing, handle duplication), and outputs structured JSON for red‑team use. The report also describes attack scenarios, detection opportunities, and mitigations.
