login-securite / DonPAPI

Dumping DPAPI credz remotely
GNU General Public License v3.0

[Discussion] About the recent files exclusion list #83

Open Dfte opened 1 week ago

Dfte commented 1 week ago

Heyo!

While PR'ing on DonPAPI I realized that the recent files collector only looks for the following files:

[image]

While I understand it is to not download too many files, I believe there shouldn't be any type of mask. Right now, if I ever do an lsass dump as a regular administrator (who knows?), DonPAPI will miss it. It will also miss PowerShell files, .env files and so many more.

For that reason I'd like to know if it's possible to remove this whitelist.

Seeya :)