Skip to main content

Python Registry Parser

Project description


Regipy is a python library for parsing offline registry hives!


  • Use as a library
  • Recurse over the registry hive, from root or a given path and get all subkeys and values
  • Read specific subkeys and values
  • Apply transaction logs on a registry hive
  • Command Line Tools:
    • Dump an entire registry hive to json
    • Apply transaction logs on a registry hive
    • Compare registry hives
    • Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name…)
Project page:

Using as a library:

from regipy.registry import RegistryHive
reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

# Iterate over a registry hive recursively:
for entry in reg.rec_subkeys(as_json=True):

# Iterate over a key and get all subkeys and their modification time:
for sk in reg.get_key('Software').get_subkeys():
    print(, convert_wintime(sk.header.last_modified).isoformat())

# Get values from a specific registry key:
reg.get_key('Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

# Use plugins:
from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
NTUserPersistencePlugin(reg, as_json=True).run()

# Run all supported plugins on a registry hive:
run_relevant_plugins(reg, as_json=True)


pip install regipy

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for regipy, version 1.3.6
Filename, size File type Python version Upload date Hashes
Filename, size regipy-1.3.6.tar.gz (35.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page