lsassy

lsassy works out of the box on multiple targets (IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets). By default, lsassy will try to dump lsass remotely using comsvcs.dll method, either via WMI or via a remote scheduled task.

lsassy can authenticate with Kerberos. It requires a valid TGT in KRB5CCNAME environment variable. See advanced usage for more details.

Different lsass dumping methods are implemented in lsassy, and some option are provided to give control to the user on how the tool will proceed.