Vulnerability & Exploit Database

Back to search

Multi Gather Firefox Signon Credential Collection

This module will collect credentials from the Firefox web browser if it is installed on the targeted machine. Additionally, cookies are downloaded. Which could potentially yield valid web sessions. Firefox stores passwords within the signons.sqlite database file. There is also a keys3.db file which contains the key for decrypting these passwords. In cases where a Master Password has not been set, the passwords can easily be decrypted using 3rd party tools or by setting the DECRYPT option to true. Using the latter often needs root privileges. Also be warned that if your session dies in the middle of the file renaming process, this could leave Firefox in a non working state. If a Master Password was used the only option would be to bruteforce. Useful 3rd party tools: + firefox_decrypt ( + pswRecovery4Moz (

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • bannedit <bannedit [at]>
  • xard4s
  • g0tmi1k


  • bsd
  • linux
  • osx
  • unix
  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use post/multi/gather/firefox_creds msf post(firefox_creds) > sessions ...sessions... msf post(firefox_creds) > set SESSION <session-id> msf post(firefox_creds) > show options and set options... msf post(firefox_creds) > run