pypykatz
Pure Python implementation of Mimikatz, designed for portability and use as a library. It extracts credentials, hashes, and secrets from various sources, including live systems, minidumps, and Rekall memory images. Key features include:
- LSASS Processing: Parses secrets directly from LSASS process memory.
- Registry Processing: Extracts stored credentials from registry hives.
- DPAPI Support: Decrypts master keys, DPAPI blobs, and credential/vault files.
- User Impersonation: Spawns processes as other users.
- Cross-Platform: Runs on any OS supporting Python 3.6+.
Use cases include penetration testing, incident response, and offline credential recovery from memory dumps.
