Analysis updated 2026-05-18
Study this repository as a documented example of a browser credential theft technique for detection purposes.
Recognize the clickfix social engineering pattern it describes when building phishing or endpoint defenses.
| harrison-wells-cyber/edgedump-stealer | blackvenom5iix/winget-toctou-poc | gfsaaser24/x-algo | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | PowerShell | PowerShell | PowerShell |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 2/5 | 3/5 | 1/5 |
| Audience | ops devops | researcher | vibe coder |
Figures from each repo's GitHub metadata at analysis time.
README provides no installation or usage instructions beyond a one-line description.
EdgeDump-Stealer is a small PowerShell script that the author describes as being built to take advantage of the Microsoft Edge browser storing unencrypted, cleartext passwords in system memory. According to the README, running it extracts those credentials and sends the captured data to a separate Python listener, meaning a small server that waits to receive whatever the script sends it. The README states that the PowerShell portion mainly wraps existing C sharp code from a project referred to as L1v1ng0ffTh3L4N, rather than implementing the credential extraction from scratch. The author labels the intended use as a clickfix style smash and grab attack, a term for a social engineering approach where a victim is tricked into running a malicious command themselves, often through a fake error message or prompt. The README is very short and includes a disclaimer that the project was made for fun and should not be used for actual crime. It does not include installation steps, usage instructions, or further explanation of how the script is meant to be deployed. There is no stated license for this repository. Because the README frames this tool around stealing saved browser passwords without the user's knowledge or consent, it describes offensive malware rather than a defensive or educational security utility. Readers should treat this repository as a description of a known credential theft technique rather than as software to run.
A PowerShell script described by its author as a tool for stealing cleartext passwords from Microsoft Edge browser memory.
Mainly PowerShell. The stack also includes PowerShell, C#, Python.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.