git404hub

what is edgedump-stealer fr?

harrison-wells-cyber/edgedump-stealer — explained in plain English

Analysis updated 2026-05-18

0PowerShellAudience · ops devopsComplexity · 2/5Setup · moderate

tl;dr

A PowerShell script described by its author as a tool for stealing cleartext passwords from Microsoft Edge browser memory.

vibe map

mindmap
  root((EdgeDump-Stealer))
    What it does
      Targets Edge memory
      Extracts cleartext passwords
      Sends data to listener
    Tech stack
      PowerShell wrapper
      C sharp component
      Python listener
    Concerns
      Credential theft
      Clickfix technique
      No stated license
    Audience
      Security researchers
      Defenders

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Study this repository as a documented example of a browser credential theft technique for detection purposes.

VIBE 2

Recognize the clickfix social engineering pattern it describes when building phishing or endpoint defenses.

what's the stack?

PowerShellC#Python

how it stacks up fr

harrison-wells-cyber/edgedump-stealerblackvenom5iix/winget-toctou-poceman134/eman-openagent
Stars000
LanguagePowerShellPowerShellPowerShell
Setup difficultymoderatemoderateeasy
Complexity2/53/52/5
Audienceops devopsresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

README provides no installation or usage instructions beyond a one-line description.

in plain english

EdgeDump-Stealer is a small PowerShell script that the author describes as being built to take advantage of the Microsoft Edge browser storing unencrypted, cleartext passwords in system memory. According to the README, running it extracts those credentials and sends the captured data to a separate Python listener, meaning a small server that waits to receive whatever the script sends it. The README states that the PowerShell portion mainly wraps existing C sharp code from a project referred to as L1v1ng0ffTh3L4N, rather than implementing the credential extraction from scratch. The author labels the intended use as a clickfix style smash and grab attack, a term for a social engineering approach where a victim is tricked into running a malicious command themselves, often through a fake error message or prompt. The README is very short and includes a disclaimer that the project was made for fun and should not be used for actual crime. It does not include installation steps, usage instructions, or further explanation of how the script is meant to be deployed. There is no stated license for this repository. Because the README frames this tool around stealing saved browser passwords without the user's knowledge or consent, it describes offensive malware rather than a defensive or educational security utility. Readers should treat this repository as a description of a known credential theft technique rather than as software to run.

prompts (copy fr)

prompt 1
Explain in general terms how attackers exploit browsers storing cleartext credentials in memory, for defensive awareness.
prompt 2
What is a clickfix style social engineering attack and how can security teams detect or block it?
prompt 3
What endpoint monitoring or browser hardening steps help defend against credential dumping tools like this one?

Frequently asked questions

what is edgedump-stealer fr?

A PowerShell script described by its author as a tool for stealing cleartext passwords from Microsoft Edge browser memory.

What language is edgedump-stealer written in?

Mainly PowerShell. The stack also includes PowerShell, C#, Python.

How hard is edgedump-stealer to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is edgedump-stealer for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.