explaingit

alessandroz/lazagne

10,813PythonAudience · ops devopsComplexity · 2/5Setup · easy

TLDR

An open-source Python command-line tool that scans a local Windows, Linux, or Mac computer and extracts saved passwords from browsers, email clients, databases, VPN clients, and dozens of other applications.

Mindmap

mindmap
  root((LaZagne))
    What it does
      Scans saved passwords
      Extracts credentials
      Exports results
    Supported targets
      Browsers
      Email clients
      SSH and VPN
      Wi-Fi passwords
    Platforms
      Windows main
      Linux partial
      macOS limited
    Audience
      Security auditors
      Pentesters
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Run a credential audit on a Windows machine to see which saved passwords are recoverable from installed browsers and apps.

USE CASE 2

Compile LaZagne into a standalone executable using PyInstaller to run on machines that do not have Python installed.

USE CASE 3

Write a new module for an unsupported application to extend what LaZagne can extract and contribute it back to the project.

Tech stack

PythonPyInstallerNuitka

Getting it running

Difficulty · easy Time to first run · 5min

Retrieving Wi-Fi passwords and some Windows system secrets requires running the tool as administrator.

In plain English

LaZagne is an open source Python application that scans a local computer and collects passwords that various installed programs have saved to disk. Different applications store credentials in different ways, from plain text files to encrypted databases to operating system APIs, so LaZagne includes individual modules for each supported program and extracts whatever each one stores. The tool runs from the command line. You can tell it to scan everything at once, restrict it to a single category such as browsers or email clients, or target one specific application. Results can be printed to the terminal or saved as a text or JSON file. A verbosity flag controls how much detail appears during a scan. The list of supported programs is long. On Windows it covers dozens of browsers (Chrome, Firefox, Edge, Opera, Vivaldi, and many others), chat clients, databases, games, Git credentials, email clients, sysadmin tools like FileZilla and WinSCP, VPN clients, and stored Wi-Fi passwords. Linux support covers a similar but smaller set, and Mac OS has limited coverage. Retrieving Wi-Fi passwords and some Windows system secrets requires running the tool with administrator privileges. LaZagne was built as a credential auditing and security research tool. The README notes it has also been integrated into a post-exploitation framework called Pupy, which runs Python code in memory without writing to disk. The project is written in Python and can be compiled into a standalone executable using PyInstaller or Nuitka. The repository accepts contributions and includes a wiki covering how to compile the project and how to write new modules for software not yet supported.

Copy-paste prompts

Prompt 1
Using LaZagne on Windows, how do I scan only saved browser passwords from Chrome, Firefox, and Edge and export the results to a JSON file?
Prompt 2
How do I compile LaZagne into a standalone Windows executable using PyInstaller so I can run it without installing Python?
Prompt 3
What admin privileges does LaZagne need to extract Wi-Fi passwords and Windows system secrets, and how do I run it with those privileges?
Open on GitHub → Explain another repo

← alessandroz on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.