pypykatz on


Mimikatz implementation in pure Python.

Platform idependent - all commands have a "live" and a normal version where applicable. The "live" version will use the current system and only works on Windows. The normal commands are platform independent. Can be used as a library for your projects.

LSASS processing:
Can parse the secrets hidden in the LSASS process. This is just like mimikatz's sekurlsa:: but with different commands.
The main difference here is that all the parsing logic is separated from the data source, so if you define a new reader object you can basically perform the parsing of LSASS from anywhere.

Registry processing:
Parses the registry hives to obtain stroed credentials, like NT and LM hashes, domain cached credentials (DCC/DCC2) and LSA secrets.

DPAPI is the protector of local secrets of many kinds. Currently the project supports decrypting masterkeys, dpapi blobs, credential files, vault files. The results are not 100% correct, as there is not much documentation on most of these things.

Impersonating users:
Can spawn a new process as any user who has a process running on the machine.
Can assign any available token of choise to your thread.