explaingit

gentilkiwi/mimikatz

Analysis updated 2026-06-21

Stars · 21,522 | Language · C | Audience · ops devops | Complexity · 4/5 | Setup · hard

TLDR

A Windows security research tool used in penetration testing to extract passwords, hashes, and Kerberos authentication tokens from Windows memory, revealing how vulnerable a system is to credential-theft attacks.

Mindmap

mindmap
  root((mimikatz))
    What it does
      Windows credential tool
      Security research
      Penetration testing
    Attacks demonstrated
      Pass the hash
      Pass the ticket
      Golden Tickets
    Data extracted
      Plaintext passwords
      NTLM hashes
      Kerberos tickets
    Requirements
      Admin privileges
      Windows only
    Audience
      Security professionals
      Penetration testers

What do people build with it?

USE CASE 1

Test whether a Windows environment is vulnerable to credential theft by extracting cached passwords from memory during an authorized penetration test.

USE CASE 2

Simulate a pass-the-hash attack in a lab to verify that your detection and response tools catch it before a real attacker would.

USE CASE 3

Audit a Windows domain for Golden Ticket vulnerabilities by attempting to forge a Kerberos ticket in a controlled test environment.

What is it built with?

C

How does it compare?

| | gentilkiwi/mimikatz | darkflippers/unleashed-firmware | julycoding/the-art-of-programming-by-july-2nd |
|---|---|---|---|
| Stars | 21,522 | 21,517 | 21,517 |
| Language | C | C | C |
| Setup difficulty | hard | hard | easy |
| Complexity | 4/5 | 4/5 | 2/5 |
| Audience | ops devops | developer | developer |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard | Time to first run · 1h+

Requires administrator privileges on Windows. Antivirus will flag and quarantine it, so it must be excluded, or the antivirus disabled, in the test environment before use.

Use, share, and modify freely for any purpose, including commercial, as long as you credit the original author. Licensed under Creative Commons Attribution 4.0.

In plain English

Mimikatz is a Windows security research and testing tool originally created by security researcher Benjamin Delpy to learn the C programming language and experiment with how Windows handles authentication. It is now widely used in the security community for penetration testing, the practice of deliberately trying to break into a system in order to find vulnerabilities before attackers do.

The tool works by reading credential data directly from Windows memory. When a Windows computer logs you in, it stores authentication tokens and sometimes even passwords in a part of memory managed by a process called LSASS (Local Security Authority Subsystem Service). Mimikatz can extract this data, including plaintext passwords, password hashes (scrambled versions of passwords), PIN codes, and Kerberos tickets (authentication tokens used in Windows networks).

It can also perform attacks like pass-the-hash and pass-the-ticket, which let an attacker authenticate as a user without knowing their actual password, just by reusing the stored hash or ticket. A particularly powerful feature is creating "Golden Tickets," forged Kerberos authentication tokens that can grant long-lasting access to resources in a Windows domain network.

Mimikatz is primarily used by security professionals to test whether a Windows environment is vulnerable to these credential theft techniques. Because it works against real Windows authentication mechanisms, it is also well known to attackers, making it a common tool in real-world intrusions as well. It is written in C and requires running with elevated (administrator-level) privileges. It is licensed under CC BY 4.0.

Copy-paste prompts

Prompt 1
I am running an authorized penetration test on a Windows domain. Walk me through using mimikatz to extract NTLM hashes from LSASS memory after gaining admin access, and what those hashes reveal.
Prompt 2
Explain how a pass-the-hash attack works using mimikatz and what Windows security settings or SIEM detections can prevent or catch it in a real environment.
Prompt 3
In a lab environment, show me how mimikatz creates a Golden Ticket for a Windows domain and what mitigations like krbtgt password rotation prevent this attack.

Frequently asked questions

What is mimikatz?

A Windows security research tool used in penetration testing to extract passwords, hashes, and Kerberos authentication tokens from Windows memory, revealing how vulnerable a system is to credential-theft attacks.

What language is mimikatz written in?

Mainly C.

What license does mimikatz use?

Use, share, and modify freely for any purpose, including commercial, as long as you credit the original author. Licensed under Creative Commons Attribution 4.0.

How hard is mimikatz to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is mimikatz for?

Mainly ops devops.

Verify against the repo before relying on details.