This Python script for offensive security conducts digital dumpster diving by exfiltrating all data from a Windows Recycle Bin, even if Python isn't installed on the compromised device.
The idea behind this type of malware is that important information like PII or intellectual property may not always be properly deleted, as users often neglect to empty their Recycle Bin. This creates an opportunity for attackers, especially if a careless employee has unwittingly left sensitive information behind. While initial access is required, possibly through social engineering or plugging a USB into the device, and the code could be further optimized, that isn't the primary objective here. Instead, the script highlights a fundamental vulnerability and tests whether employees routinely clean out their Recycle Bin.
This script could serve as a helpful tool in social engineering awareness campaigns, encouraging better information disposal practices among a company's employees. After all, we know the saying:
"One man's trash is another man's treasure."
This project is licensed under the MIT License. See the LICENSE file for details.