explaingit

gentilkiwi/mimikatz

21,566CAudience · developerComplexity · 4/5MaintainedLicenseSetup · hard

TLDR

Windows security testing tool that extracts credentials and authentication tokens from memory to help find vulnerabilities before attackers do.

Mindmap

mindmap
  root((repo))
    What it does
      Extract credentials from memory
      Steal authentication tokens
      Forge Kerberos tickets
      Perform pass-the-hash attacks
    How it works
      Reads LSASS process memory
      Accesses plaintext passwords
      Retrieves password hashes
      Captures Kerberos tickets
    Use cases
      Penetration testing
      Security vulnerability assessment
      Windows domain testing
      Credential theft simulation
    Tech stack
      C language
      Windows API
      Administrator privileges
    Audience
      Security professionals
      Penetration testers
      Red team operators

Things people build with this

USE CASE 1

Test whether a Windows environment is vulnerable to credential theft attacks during a penetration test.

USE CASE 2

Extract password hashes and Kerberos tickets from a compromised Windows machine to assess security posture.

USE CASE 3

Simulate real-world attacks by creating forged Golden Tickets to demonstrate domain network vulnerabilities.

USE CASE 4

Verify that credential protection mechanisms are working correctly on Windows systems.

Tech stack

CWindows API

Getting it running

Difficulty · hard Time to first run · 1h+

Requires Windows environment, Visual Studio/compiler toolchain, and administrative privileges to access process memory.

Use freely for any purpose, including commercial and educational use, as long as you provide attribution to the original creator.

In plain English

Mimikatz is a Windows security research and testing tool originally created by security researcher Benjamin Delpy to learn the C programming language and experiment with how Windows handles authentication. It is now widely used in the security community for penetration testing, the practice of deliberately trying to break into a system in order to find vulnerabilities before attackers do. The tool works by reading credential data directly from Windows memory. When a Windows computer logs you in, it stores authentication tokens and sometimes even passwords in a part of memory managed by a process called LSASS (Local Security Authority Subsystem Service). Mimikatz can extract this data, including plaintext passwords, password hashes (scrambled versions of passwords), PIN codes, and Kerberos tickets (authentication tokens used in Windows networks). It can also perform attacks like pass-the-hash and pass-the-ticket, which let an attacker authenticate as a user without knowing their actual password, just by reusing the stored hash or ticket. A particularly powerful feature is creating "Golden Tickets," forged Kerberos authentication tokens that can grant long-lasting access to resources in a Windows domain network. Mimikatz is primarily used by security professionals to test whether a Windows environment is vulnerable to these credential theft techniques. Because it works against real Windows authentication mechanisms, it is also well known to attackers, making it a common tool in real-world intrusions as well. It is written in C and requires running with elevated (administrator-level) privileges. It is licensed under CC BY 4.0.

Copy-paste prompts

Prompt 1
How do I use Mimikatz to extract plaintext passwords and password hashes from Windows memory during a penetration test?
Prompt 2
Show me how to create a Golden Ticket with Mimikatz to gain persistent access to a Windows domain.
Prompt 3
What are the pass-the-hash and pass-the-ticket attacks, and how does Mimikatz perform them?
Prompt 4
How can I use Mimikatz to test if my Windows environment is vulnerable to credential theft from LSASS memory?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.