whatisgithub

What is edgedump-stealer?

harrison-wells-cyber/edgedump-stealer — explained in plain English

Analysis updated 2026-05-18

0PowerShellAudience · ops devopsComplexity · 2/5Setup · moderate

In one sentence

A PowerShell script described by its author as a tool for stealing cleartext passwords from Microsoft Edge browser memory.

Mindmap

mindmap
  root((EdgeDump-Stealer))
    What it does
      Targets Edge memory
      Extracts cleartext passwords
      Sends data to listener
    Tech stack
      PowerShell wrapper
      C sharp component
      Python listener
    Concerns
      Credential theft
      Clickfix technique
      No stated license
    Audience
      Security researchers
      Defenders

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study this repository as a documented example of a browser credential theft technique for detection purposes.

USE CASE 2

Recognize the clickfix social engineering pattern it describes when building phishing or endpoint defenses.

What is it built with?

PowerShellC#Python

How does it compare?

harrison-wells-cyber/edgedump-stealerblackvenom5iix/winget-toctou-pocgfsaaser24/x-algo
Stars000
LanguagePowerShellPowerShellPowerShell
Setup difficultymoderatemoderateeasy
Complexity2/53/51/5
Audienceops devopsresearchervibe coder

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

README provides no installation or usage instructions beyond a one-line description.

So what is it?

EdgeDump-Stealer is a small PowerShell script that the author describes as being built to take advantage of the Microsoft Edge browser storing unencrypted, cleartext passwords in system memory. According to the README, running it extracts those credentials and sends the captured data to a separate Python listener, meaning a small server that waits to receive whatever the script sends it. The README states that the PowerShell portion mainly wraps existing C sharp code from a project referred to as L1v1ng0ffTh3L4N, rather than implementing the credential extraction from scratch. The author labels the intended use as a clickfix style smash and grab attack, a term for a social engineering approach where a victim is tricked into running a malicious command themselves, often through a fake error message or prompt. The README is very short and includes a disclaimer that the project was made for fun and should not be used for actual crime. It does not include installation steps, usage instructions, or further explanation of how the script is meant to be deployed. There is no stated license for this repository. Because the README frames this tool around stealing saved browser passwords without the user's knowledge or consent, it describes offensive malware rather than a defensive or educational security utility. Readers should treat this repository as a description of a known credential theft technique rather than as software to run.

Copy-paste prompts

Prompt 1
Explain in general terms how attackers exploit browsers storing cleartext credentials in memory, for defensive awareness.
Prompt 2
What is a clickfix style social engineering attack and how can security teams detect or block it?
Prompt 3
What endpoint monitoring or browser hardening steps help defend against credential dumping tools like this one?

Frequently asked questions

What is edgedump-stealer?

A PowerShell script described by its author as a tool for stealing cleartext passwords from Microsoft Edge browser memory.

What language is edgedump-stealer written in?

Mainly PowerShell. The stack also includes PowerShell, C#, Python.

How hard is edgedump-stealer to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is edgedump-stealer for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.