PyHook : An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call


PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it’s dependencies into the target process

Supported Processes

ProcessAPI CallDescriptionProgress
mstscCredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from mstsc and outputs username and passwordDONE
runasCreateProcessWithLogonWHooks CreateProcessWithLogonW from runas and outputs username, password and a domain name.DONE
PowerShellCreateProcessWithLogonWHooks CreateProcessWithLogonW from PowerShell and outputs username, password and a domain name (e.g – Start-Process cmd -Credential X).DONE
cmdRtlInitUnicodeStringExHooks RtlInitUnicodeStringEx from cmd and outputs data from specific filters (e.g – “-p”, “password” etc).DONE
MobaXtermCharUpperBuffAHooks CharUpperBuffA from MobaXterm and outputs credentials for RDP and SSH logins.DONE
explorer (UAC Prompt)CredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from explorer and outputs username, password and a domain name.DONE



Please enter your comment!
Please enter your name here