Pypykatz: a Mimikatz Python implementation
Mimikatz is a famous post-exploitation tool written in C by Benjamin Delpy: it allows a local attacker to dump secrets from memory exploiting Windows single sign-on functionality.
How Mimikatz works?
Until Windows 10, Microsoft’s OSs by default used a feature called WDigest  that loads encrypted passwords into memory, but also loads the secret key to decrypt them: this feature is useful for authenticating large numbers of users on an enterprise or government network, but also allows Mimikatz  to dump memory and extracting the passwords.
Starting with Windows 8.1, Microsoft made it possible to disable this feature, and it is disabled by default in Windows 10.
However, Windows still ships with WDigest, and an attacker who gains administrative privileges can simply turn it on and run Mimikatz .
A “platform independent” mimikatz clone
In the past, i’ve already talked about about a powershell clone of mimikatz, dubbed Mimikittenz, and today I’d like to share a pure python version, called Pypykatz.
Pypykatz  is a Mimikatz implementation, developed and maintained by SkelSec, that runs on all OS’s which support python>=3.6.
All Pypykatz‘ commands have a “live” and a normal version: the “live” version works on the live memory of the current system and (obviously) only works on Windows.
The normal commands may process memory dumps and are platform independent.
pip3 install minidump minikerberos aiowinreg msldap winsspi
Clone this repo
git clone https://github.com/skelsec/pypykatz.git cd pypykatz
python3 setup.py install
The GitHub repository of the project contains a wiki  with a good documentation: