KeePass Password Manager

KeePass is a free and open-source password manager. The source code is available for download in each release.

KeePass is storing passwords locally in a .kdbx database.

KeePass Pentester Notes ☠️



$ keepass2john xxx.kdbx > myhash
$ john myhash --wordlist=wordlist

Well-Known CVEs


  • CVE-2023-32784: if we have memory dump when keepass was unlocked and running, we are able to dump almost all the cleartext password (aside from first char). There are many PoC below:

keepass-password-dumper (0.6k ⭐) in .NET. There is also keepass-dump-masterkey (0.06k ⭐) or keepass_dump (0.01k ⭐) both in Python.

πŸ‘» To-do πŸ‘»

Stuff that I found, but never read/used yet.

$ kpcli
kpclip:/> open xxx.kdbx
kpclip:/> ls
kpclip:/> cd xxx
kpclip:/> ls
kpclip:/> show <kid> -f