Python library to parse remote lsass dumps
Project description
lsassy
Python library to remotely extract credentials on a set of hosts. This blog post explains how it works.
This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.
| Chapters | Description |
|---|---|
| Requirements | Requirements to install lsassy from source |
| Documentation | Lsassy documentation |
| CrackMapExec Module | Link to CrackMapExec module included in this repository |
| Issues | Read this before creating an issue |
| Acknowledgments | Kudos to these people and tools |
| Contributors | People contributing to this tool |
Requirement
- Python >= 3.6
Documentation
The tool is fully documented in the project's wiki
Installation
Standalone
Library
CrackMapExec module
- CrackMapExec module is now part of CrackMapExec project
- CME module is documentated in project's wiki
Changelog
v2.1.0
------
* Kerberos authentication support (Thank you laxa for PR)
* Add CME module for python3
* Update bloodhound queries for BloodHound3
* Bug fixes
v2.0.0
------
* Multiprocessing support to dump credentials on multiple hosts at a time
* Add new dumping method using "dumpert"
* Can be used as a library in other python projects
* Syntax changed to be more flexible
* Complete code refactoring, way more organized and easy to maintain/extend
* Better error handling
* Complete wiki
v1.1.0
------
* Better execution process : --method flag has been added and described in help text
* Uses random dump name
* Chose between cmd, powershell, dll and/or procdump methods
* CME module is now using light lsassy WMIExec et TASKExec implementation
* Bug fixes
v1.0.0
------
* Built-in lsass dump
** Lsass dump using built-in Windows
** Lsass dump using procdump (using -p parameter)
* Add --dumppath to ask for remote parsing only
* Code refactoring
* Add --quiet to quiet output
v0.2.0
------
* Add BloodHound option to CME module (-o BLOODHOUND=True)
- Set compromised targets as "owned" in BloodHound
- Check if compromised users have at least one path to domain admin
* Custom parsing (json, grep, pretty [default])
* New --hashes option to lsassy
* Include CME module in repository
* Add credentials to CME database
v0.1.0
------
First release
Acknowledgments
Contributors
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
lsassy-2.1.3.tar.gz
(20.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
lsassy-2.1.3-py3-none-any.whl
(25.9 kB
view details)
File details
Details for the file lsassy-2.1.3.tar.gz.
File metadata
- Download URL: lsassy-2.1.3.tar.gz
- Upload date:
- Size: 20.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ffcf351ecd4299fb30dcb33821739cfe596f26089cc09983cfa6a58d9f7cb3e1
|
|
| MD5 |
b91d982b0557a69ea59fa0a7c20243a2
|
|
| BLAKE2b-256 |
9756c3571849a865e159a9178b85179f426d67df9228356409da69ab136b0672
|
File details
Details for the file lsassy-2.1.3-py3-none-any.whl.
File metadata
- Download URL: lsassy-2.1.3-py3-none-any.whl
- Upload date:
- Size: 25.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
08cd14d1a8f665125ef0baf8b2d2a955fbe39416a692cb114f728be627bfb8c8
|
|
| MD5 |
f890967d7ad0301c6db779e58a3c40e5
|
|
| BLAKE2b-256 |
b0708ea2f0450c5f8c0b6d500ff3b48e6cc40d6b5b050506ac87962493401d5a
|
