pypykatz

pypykatz

Pure Python implementation of Mimikatz, designed for portability and use as a library. It extracts credentials, hashes, and secrets from various sources, including live systems, minidumps, and Rekall memory images. Key features include:

• LSASS Processing: Parses secrets directly from LSASS process memory.
• Registry Processing: Extracts stored credentials from registry hives.
• DPAPI Support: Decrypts master keys, DPAPI blobs, and credential/vault files.
• User Impersonation: Spawns processes as other users.
• Cross-Platform: Runs on any OS supporting Python 3.6+.

Use cases include penetration testing, incident response, and offline credential recovery from memory dumps.