Quinn is a Rust-based, modular, Windows credential extraction toolkit built for security professionals. It demonstrates common post-exploitation techniques (LSASS dumping, SAM parsing, browser credential extraction, DPAPI abuse) in a safe, auditable, and transparent way — ideal for training, lab environments, and authorized assessments.
Unlike offensive tools that prioritize evasion, CredStealer prioritizes:
Code clarity & safety
Explicit consent workflows (dry-run mode, logging)
Resource cleanup & memory safety
Modular design for learning & extension
Evasion (Will try)
Work in progress
Right now only browsers works
Usage: quinn.exe [OPTIONS] <COMMAND>
Commands:
all Extract credentials from all supported browsers
chrome Extract from Chrome
edge Extract from Edge
firefox Extract from Firefox
list List available browser profiles
help Print this message or the help of the given subcommand(s)
Options:
--dry-run
-v, --verbose
--output <OUTPUT>
[default: json]
[possible values: json, text, csv]
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
Windows 10/11 or Windows Server 2016+ Rust 1.70+ (MSVC toolchain recommended)
git clone https://github.com/Tokyo-09/quinn.git
cd quinn
cargo build --release
