{
	"id": "dc169ff6-cf41-40a0-a98e-ea1d77512784",
	"created_at": "2026-04-06T00:22:35.583037Z",
	"updated_at": "2026-04-10T03:36:47.673686Z",
	"deleted_at": null,
	"sha1_hash": "90eeb681efa3fd5dd4bd89a6572fea7582606739",
	"title": "GitHub - AlessandroZ/LaZagne: Credentials recovery project",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 75676,
	"plain_text": "GitHub - AlessandroZ/LaZagne: Credentials recovery project\r\nBy AlessandroZ\r\nArchived: 2026-04-05 15:24:34 UTC\r\nDescription\r\nThe LaZagne project is an open source application used to retrieve lots of passwords stored on a local\r\ncomputer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms,\r\ndatabases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.\r\nThis project has been added to pupy as a post-exploitation module. Python code will be interpreted in memory\r\nwithout touching the disk and it works on Windows and Linux host.\r\nStandalones\r\nStandalones are now available here: https://github.com/AlessandroZ/LaZagne/releases/\r\nInstallation\r\nhttps://github.com/AlessandroZ/LaZagne\r\nPage 1 of 6\n\npip install -r requirements.txt\r\nUsage\r\nLaunch all modules\r\nLaunch only a specific module\r\nLaunch only a specific software script\r\nlaZagne.exe browsers -firefox\r\nWrite all passwords found into a file (-oN for Normal txt, -oJ for Json, -oA for All). Note: If you have\r\nproblems to parse JSON results written as a multi-line strings, check this.\r\nlaZagne.exe all -oN\r\nlaZagne.exe all -oA -output C:\\Users\\test\\Desktop\r\nGet help\r\nlaZagne.exe -h\r\nlaZagne.exe browsers -h\r\nChange verbosity mode (2 different levels)\r\nQuiet mode (nothing will be printed on the standard output)\r\nlaZagne.exe all -quiet -oA\r\nTo decrypt domain credentials, it could be done specifying the user windows password. Otherwise it will\r\ntry all passwords already found as windows passwords.\r\nlaZagne.exe all -password ZapataVive\r\nNote: For wifi passwords \\ Windows Secrets, launch it with administrator privileges (UAC Authentication /\r\nsudo)\r\nMac OS\r\nNote: In Mac OS System, without the user password it is very difficult to retrieve passwords stored on the\r\ncomputer. 
So, I recommend using one of these options\r\nIf you know the user password, add it in the command line\r\nlaZagne all --password SuperSecurePassword\r\nYou could use the interactive mode that will prompt a dialog box to the user until the password will be\r\ncorrect\r\nSupported software\r\nWindows Linux Mac\r\nBrowsers 7Star\r\nAmigo\r\nBasilisk\r\nBlackHawk\r\nBrave\r\nCentbrowser\r\nChedot\r\nChrome Beta\r\nChrome Canary\r\nChromium\r\nCoccoc\r\nComodo Dragon\r\nComodo IceDragon\r\nCyberfox\r\nDCBrowser\r\nElements Browser\r\nEpic Privacy Browser\r\nFirefox\r\nGoogle Chrome\r\nIcecat\r\nK-Meleon\r\nKometa\r\nMicrosoft Edge\r\nOpera\r\nOpera GX\r\nOrbitum\r\nQQBrowser\r\npale Moon\r\nSogouExplorer\r\nSputnik\r\nTorch\r\nUran\r\nBrave\r\nChromium\r\nDissenter-Browser\r\nFirefox\r\nGoogle Chrome\r\nIceCat\r\nMicrosoft Edge\r\nOpera\r\nSlimJet\r\nVivaldi\r\nChrome\r\nFirefox\r\nVivaldi\r\nYandex\r\nChats\r\nPidgin\r\nPsi\r\nSkype\r\nPidgin\r\nPsi\r\nDatabases\r\nDBVisualizer\r\nPostgresql\r\nRobomongo\r\nSquirrel\r\nSQLdevelopper\r\nDBVisualizer\r\nSquirrel\r\nSQLdevelopper\r\nGames\r\nGalconFusion\r\nKalypsomedia\r\nRogueTale\r\nTurba\r\nGit Git for Windows\r\nMails\r\nEpyrus\r\nInterlink\r\nOutlook\r\nThunderbird\r\nClawsmail\r\nThunderbird\r\nMaven Maven Apache\r\nDumps from memory\r\nKeepass\r\nMimikatz method\r\nSystem Password\r\nMultimedia EyeCON\r\nPHP Composer\r\nSVN Tortoise\r\nSysadmin Apache Directory Studio\r\nCoreFTP\r\nCyberDuck\r\nFileZilla\r\nFileZilla Server\r\nFTPNavigator\r\nOpenSSH\r\nOpenVPN\r\nmRemoteNG\r\nApache Directory Studio\r\nAWS\r\nDocker\r\nEnvironnement variable\r\nFileZilla\r\ngFTP\r\nHistory files\r\nShares\r\nSSH private keys\r\nKeePass Configuration Files\r\n(KeePass1, 
KeePass2)\r\nPuttyCM\r\nRclone\r\nRDPManager\r\nVNC\r\nWinSCP\r\nWindows Subsystem for Linux\r\nKeePass Configuration Files\r\n(KeePassX, KeePass2)\r\nGrub\r\nRclone\r\nWifi Wireless Network\r\nNetwork Manager\r\nWPA Supplicant\r\nInternal mechanism\r\npasswords storage\r\nAutologon\r\nMSCache\r\nCredential Files\r\nCredman\r\nDPAPI Hash\r\nHashdump (LM/NT)\r\nLSA secret\r\nVault Files\r\nGNOME Keyring\r\nKwallet\r\nHashdump\r\nKeychains\r\nHashdump\r\nCompile\r\nUsing Pyinstaller\r\npyinstaller --additional-hooks-dir=. -F --onefile laZagne.py\r\nUsing Nuitka\r\npython3 -m nuitka --standalone --onefile --include-package=lazagne laZagne.py\r\nFor developers\r\nPlease refer to the wiki before opening an issue to understand how to compile the project or to develop a new\r\nmodule. https://github.com/AlessandroZ/LaZagne/wiki\r\nDonation\r\nIf you want to support my work doing a donation, I will appreciate a lot:\r\nVia BTC: 16zJ9wTXU4f1qfMLiWvdY3woUHtEBxyriu\r\nVia Paypal: https://www.paypal.me/lazagneproject\r\nSpecial thanks\r\nHarmjoy for KeeThief\r\nn1nj4sec for his mimipy module\r\nBenjamin DELPY for mimikatz, which helps me to understand some Windows API.\r\n@skelsec for Pypykatz\r\nMoyix for Creddump\r\nN0fat for Chainbreaker\r\nRichard Moore for the AES module\r\nTodd Whiteman for the DES module\r\nmitya57 for secretstorage\r\nAll contributors who help me on this project\r\nSource: https://github.com/AlessandroZ/LaZagne",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA",
		"MITRE"
	],
	"references": [
		"https://github.com/AlessandroZ/LaZagne"
	],
	"report_names": [
		"LaZagne"
	],
	"threat_actors": [
		{
			"id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12",
			"created_at": "2023-01-06T13:46:39.396409Z",
			"updated_at": "2026-04-10T02:00:03.312816Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"CHROMIUM",
				"ControlX",
				"TAG-22",
				"BRONZE UNIVERSITY",
				"AQUATIC PANDA",
				"RedHotel",
				"Charcoal Typhoon",
				"Red Scylla",
				"Red Dev 10",
				"BountyGlad"
			],
			"source_name": "MISPGALAXY:Earth Lusca",
			"tools": [
				"RouterGod",
				"SprySOCKS",
				"ShadowPad",
				"POISONPLUG",
				"Barlaiy",
				"Spyder",
				"FunnySwitch"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7",
			"created_at": "2025-08-07T02:03:24.688416Z",
			"updated_at": "2026-04-10T02:00:03.734754Z",
			"deleted_at": null,
			"main_name": "BRONZE UNIVERSITY",
			"aliases": [
				"Aquatic Panda",
				"Aquatic Panda ",
				"CHROMIUM",
				"CHROMIUM ",
				"Charcoal Typhoon",
				"Charcoal Typhoon ",
				"Earth Lusca",
				"Earth Lusca ",
				"FISHMONGER ",
				"Red Dev 10",
				"Red Dev 10 ",
				"Red Scylla",
				"Red Scylla ",
				"RedHotel",
				"RedHotel ",
				"Tag-22",
				"Tag-22 "
			],
			"source_name": "Secureworks:BRONZE UNIVERSITY",
			"tools": [
				"Cobalt Strike",
				"Fishmaster",
				"FunnySwitch",
				"Spyder",
				"njRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6abcc917-035c-4e9b-a53f-eaee636749c3",
			"created_at": "2022-10-25T16:07:23.565337Z",
			"updated_at": "2026-04-10T02:00:04.668393Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Bronze University",
				"Charcoal Typhoon",
				"Chromium",
				"G1006",
				"Red Dev 10",
				"Red Scylla"
			],
			"source_name": "ETDA:Earth Lusca",
			"tools": [
				"Agentemis",
				"AntSword",
				"BIOPASS",
				"BIOPASS RAT",
				"BadPotato",
				"Behinder",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"Doraemon",
				"FRP",
				"Fast Reverse Proxy",
				"FunnySwitch",
				"HUC Port Banner Scanner",
				"KTLVdoor",
				"Mimikatz",
				"NBTscan",
				"POISONPLUG.SHADOW",
				"PipeMon",
				"RbDoor",
				"RibDoor",
				"RouterGod",
				"SAMRID",
				"ShadowPad Winnti",
				"SprySOCKS",
				"WinRAR",
				"Winnti",
				"XShellGhost",
				"cobeacon",
				"fscan",
				"lcx",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d53593c3-2819-4af3-bf16-0c39edc64920",
			"created_at": "2022-10-27T08:27:13.212301Z",
			"updated_at": "2026-04-10T02:00:05.272802Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Earth Lusca",
				"TAG-22",
				"Charcoal Typhoon",
				"CHROMIUM",
				"ControlX"
			],
			"source_name": "MITRE:Earth Lusca",
			"tools": [
				"Mimikatz",
				"PowerSploit",
				"Tasklist",
				"certutil",
				"Cobalt Strike",
				"Winnti for Linux",
				"Nltest",
				"NBTscan",
				"ShadowPad"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434955,
	"ts_updated_at": 1775792207,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/90eeb681efa3fd5dd4bd89a6572fea7582606739.pdf",
		"text": "https://archive.orkl.eu/90eeb681efa3fd5dd4bd89a6572fea7582606739.txt",
		"img": "https://archive.orkl.eu/90eeb681efa3fd5dd4bd89a6572fea7582606739.jpg"
	}
}