# Install hack-browser-data with Homebrew

Command-line tool for decrypting and exporting browser data. Version 1.1.0 via Homebrew; verified 2026-06-14.

## Install

```sh
sudo av install brew:hack-browser-data
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install hack-browser-data
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:hack-browser-data
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/hack-browser-data>
- **Version:** 1.1.0
- **Source summary:** Command-line tool for decrypting and exporting browser data
- **Homepage:** <https://github.com/moonD4rk/HackBrowserData>
- **Repository:** <https://github.com/moonD4rk/HackBrowserData>
- **Upstream docs:** <https://github.com/moonD4rk/HackBrowserData#readme>
- **License:** MIT
- **Source archive:** <https://github.com/moonD4rk/HackBrowserData/archive/refs/tags/v1.1.0.tar.gz>
- **Last updated:** 2026-06-14T12:11:17Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- hack-browser-data (cli)
- hack-browser-data (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.1.0
- Package-manager updated: 2026-06-14
- Local data: ok
- Upstream repository: https://github.com/moonD4rk/HackBrowserData
- Upstream latest detected: v1.1.0 (current)
## Project history and usage

HackBrowserData is a Go command-line security and forensics tool for decrypting and exporting browser data. Its package identity is straightforward: install one binary, point it at local browser profiles or archived profile data, and export passwords, cookies, history, bookmarks, downloads, storage, extensions, and related browser artifacts.

### Project history

The public GitHub repository was created in June 2020. The README describes support for Chromium-based browsers and Firefox on Windows, macOS, and Linux, plus Safari on macOS, and includes a legal-use disclaimer aimed at security research.

The project evolved from local extraction into richer workflows. Release notes and README content show additions such as local storage export, pure-Go SQLite-related refactoring, optimized encryption/decryption modules, Safari support, Chromium App-Bound Encryption support, and cross-host decryption workflows.

### Adoption history

Adoption is visible in the repository scale, release activity, and packaging through Homebrew. The tool appeals to incident-response, red-team, browser-forensics, and security-lab users because browser secrets and artifacts are spread across OS-specific stores, SQLite databases, browser profile layouts, keychains, and DPAPI-like mechanisms.

Cross-host decryption broadened its operational model: an origin host can export Chromium master keys and archive relevant profile files, while an analyst host restores and decrypts offline, even across operating systems for some browser families.

### How it is used

The default `dump` command extracts local browser data with flags for browser, category, output directory, format, profile path, macOS keychain password, verbosity, and zip output. Other commands list profiles, export master keys, archive decryption-relevant files, restore copied profile data with exported keys, and print version information.

Supported data categories include passwords, cookies, bookmarks, history, downloads, credit cards for Chromium-based browsers, extensions, localStorage, and sessionStorage where supported. The README notes platform-specific requirements such as Full Disk Access for Safari and extra payload support for some Chromium cookie decryption on Windows.

### Why package nerds care

HackBrowserData is notable as a packaged security tool because it compresses many browser- and OS-specific storage rules into one CLI. For package users, the value is less about a library API and more about repeatable collection, export formats, cross-platform builds, and workflows that can be scripted during authorized investigations.

### Timeline

- 2020: Public repository created.
- 2022: v0.4.x releases included browser-data extraction fixes and local-storage support.
- 2024: v0.4.6 release notes described refactors, pure-Go driver work, and encryption/decryption optimization.
- 2026: v1.x release notes documented architecture rewrite, Safari, Chromium App-Bound Encryption, and cross-host decryption and restore workflows.

### Related projects

- Related surfaces include Chromium, Chrome, Edge, Brave, Firefox, Safari, browser profile SQLite databases, Windows DPAPI and App-Bound Encryption, macOS Keychain, and incident-response tooling that inventories browser artifacts.

### Sources

- <https://formulae.brew.sh/formula/hack-browser-data>
- <https://github.com/moonD4rk/HackBrowserData>
- <https://github.com/moonD4rk/HackBrowserData/releases>
- <https://raw.githubusercontent.com/moonD4rk/HackBrowserData/main/README.md>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** hack-browser-data
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [afflib](https://www.automicvault.com/pkg/brew/afflib/) - Shares av.db curated category or tags: cli, forensics, security.
- [chainsaw](https://www.automicvault.com/pkg/brew/chainsaw/) - Shares av.db curated category or tags: cli, forensics, security.
- [dc3dd](https://www.automicvault.com/pkg/brew/dc3dd/) - Shares av.db curated category or tags: cli, forensics, security.
- [dcfldd](https://www.automicvault.com/pkg/brew/dcfldd/) - Shares av.db curated category or tags: cli, forensics, security.
- [evtx](https://www.automicvault.com/pkg/brew/evtx/) - Shares av.db curated category or tags: cli, forensics, security.
- [ssdeep](https://www.automicvault.com/pkg/brew/ssdeep/) - Shares av.db curated category or tags: cli, forensics, security.
- [bulk_extractor](https://www.automicvault.com/pkg/brew/bulk-extractor/) - Shares av.db curated category or tags: cli, data-extraction, forensics, security.
- [mac-robber](https://www.automicvault.com/pkg/brew/mac-robber/) - Shares av.db curated category or tags: cli, forensics, security.

## Combined YAML source

View the package source record on GitHub. [combined/hack-browser-data.yml](https://github.com/automic-vault/db/blob/main/combined/hack-browser-data.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
