How to use the pypykatz.pypykatz.pypykatz class (and its static helpers) in pypykatz

To help you get started, we've selected a few pypykatz examples, based on popular ways it is used in public projects. Note that these examples extract credentials from LSASS memory or .dmp files, so both the inputs and the produced results are sensitive material.


import string
import sqlite3
import requests
import threading
from cmd import Cmd
from Crypto.Cipher import AES
from urllib.parse import urlparse
from prettytable import PrettyTable
from prettytable import PLAIN_COLUMNS
try:
    from SpookFlare.lib import sfhta, sfvba
except ModuleNotFoundError:
    print("WARNING: SpookFlare not found, clone with \"--recursive\" to be able to generate all stager types.")
try:
    from pypykatz import pypykatz as pypykatzfile
    pypykatzClass = pypykatzfile.pypykatz
except ModuleNotFoundError:
    print("WARNING: pypykatz not found, clone with \"--recursive\" to be able to extract credentials from .dmp files.")


# Global list of all agents
agent_list: list = []

# List to hold all processed jobs
processed_ids: list = []

# Connect to database. The path is relative, so the file is resolved against
# the current working directory, not this script's location.
# NOTE(review): this connection is module-level and the module imports threading;
# sqlite3 connections default to check_same_thread=True, so using `conn` from a
# worker thread would raise -- confirm how it is used.
conn = sqlite3.connect('slackor.db')

# Read every row of the KEYS table; the loop below consumes the cursor.
# NOTE(review): the rows presumably hold agent/crypto keys (AES is imported
# above) -- protect slackor.db accordingly.
auths = conn.execute("SELECT * FROM KEYS")
for row in auths:
def go_rekall(session, override_timestamp = None, buildnumber = None):
		"""
		Build and start a pypykatz instance on top of a Rekall session.

		session: the Rekall session RekallReader.from_session will read from
		override_timestamp: forwarded to RekallReader.from_session (None = not overridden)
		buildnumber: forwarded to RekallReader.from_session (None = not overridden)

		Returns the pypykatz object after start() has run on it.
		"""
		# Local import; presumably keeps rekall from being an import-time dependency.
		from pypykatz.commons.readers.rekall.rekallreader import RekallReader

		rekall_reader = RekallReader.from_session(session, override_timestamp, buildnumber)
		system_info = KatzSystemInfo.from_rekallreader(rekall_reader)
		katz = pypykatz(rekall_reader, system_info)
		katz.start()
		return katz
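def run_live(self, args):
		"""
		Dump credentials from the LSASS process of the host this code runs on.

		Only ``args.module == 'lsa'`` does any work: it calls pypykatz.go_live()
		and stores the result under the key ``'live'``. In every case the
		collected results and the list of failed inputs are handed to
		``self.process_results``, so output goes through the same path as
		file parsing.

		args: parsed command-line namespace; reads ``module`` and ``halt_on_error``.
		Returns None; output is produced by ``self.process_results``.
		Raises whatever go_live() raised when ``args.halt_on_error`` is set.
		"""
		files_with_error = []
		results = {}
		if args.module == 'lsa':
			# 'live' stands in for a file name so a failure is reported like a bad dump file.
			filename = 'live'
			try:
				# NOTE(review): go_live() reads the current host's LSASS memory -- expect
				# it to need elevated/debug privileges, and treat the result as plaintext
				# secrets (go_live itself is not visible here).
				results['live'] = pypykatz.go_live()
			except Exception:
				# Deliberately broad: a failing source must not abort the run unless asked to.
				files_with_error.append(filename)
				if args.halt_on_error:
					# Bare raise keeps the original traceback intact.
					raise
				print('Exception while dumping LSA credentials from memory.')
				traceback.print_exc()

		self.process_results(results, files_with_error, args)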
def run(self, args):
		files_with_error = []
		results = {}
		###### Rekall
		if args.cmd == 'rekall':
			mimi = pypykatz.parse_memory_dump_rekall(args.memoryfile, args.timestamp_override)
			results['rekall'] = mimi
	
		###### Minidump
		elif args.cmd == 'minidump':
			if args.directory:
				dir_fullpath = os.path.abspath(args.memoryfile)
				file_pattern = '*.dmp'
				if args.recursive == True:
					globdata = os.path.join(dir_fullpath, '**', file_pattern)
				else:	
					globdata = os.path.join(dir_fullpath, file_pattern)
					
				logging.info('Parsing folder %s' % dir_fullpath)
				for filename in glob.glob(globdata, recursive=args.recursive):
					logging.info('Parsing file %s' % filename)
					try:
elif args.verbose == 1:
		logging.basicConfig(level=logging.DEBUG)
	else:
		level = 5 - args.verbose
		logging.basicConfig(level=level)
	
	##### Common obj
	results = {}
	files_with_error = []
	
	###### Live 
	if args.command == 'live':
		if args.module == 'lsa':
			filename = 'live'
			try:
				mimi = pypykatz.go_live()
				results['live'] = mimi
			except Exception as e:
				files_with_error.append(filename)
				if args.halt_on_error == True:
					raise e
				else:
					print('Exception while dumping LSA credentials from memory.')
					traceback.print_exc()
					pass
	###### Rekall
	elif args.command == 'rekall':
		mimi = pypykatz.parse_memory_dump_rekall(args.memoryfile, args.timestamp_override)
		results['rekall'] = mimi
	
	###### Minidump
	elif args.command == 'minidump':
def collect(self):
		cc = self.session.plugins.cc()
		mimi = pypykatz.go_rekall(self.session, self.plugin_args.override_timestamp)

		if self.plugin_args.out_file and self.plugin_args.json:
			self.session.logging.info('Dumping results to file in JSON format')
			with open(self.plugin_args.out_file, 'w') as f:
				json.dump(mimi, f, cls = UniversalEncoder, indent=4, sort_keys=True)
		
	
		elif self.plugin_args.out_file:
			self.session.logging.info('Dumping results to file')
			with open(self.plugin_args.out_file, 'w') as f:
				f.write('FILE: ======== MEMORY =======\n')
					
				for luid in mimi.logon_sessions:
					f.write('\n'+str(mimi.logon_sessions[luid]))
					
					if len(mimi.orphaned_creds) > 0:
def parse_minidump_external(handle):
		"""
		Parse an LSASS minidump from an already-open, file-like object.

		handle: any object exposing read, seek and tell with the same
		        parameters as a file object; it need not be a real file.

		Returns the pypykatz instance after start() has run on it.

		NOTE(review): nothing here checks where the dump came from; a dump
		obtained from an untrusted source is untrusted input to the parser.
		"""
		dump = MinidumpFile.parse_external(handle)
		raw_reader = dump.get_reader()
		buffered = raw_reader.get_buffered_reader()
		system_info = KatzSystemInfo.from_minidump(dump)
		katz = pypykatz(buffered, system_info)
		katz.start()
		return katz
def parse_minidump_bytes(data):
		"""
		Parse an LSASS minidump held entirely in memory.

		data: the dump contents; the original contract says a bytearray.

		Returns the pypykatz instance after start() has run on it.

		NOTE(review): the bytes are handed straight to the parser without any
		origin check; treat dumps from untrusted sources as hostile input.
		"""
		dump = MinidumpFile.parse_bytes(data)
		raw_reader = dump.get_reader()
		buffered = raw_reader.get_buffered_reader()
		system_info = KatzSystemInfo.from_minidump(dump)
		katz = pypykatz(buffered, system_info)
		katz.start()
		return katz