The Web Local




Creddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:


  • LM and NT hashes (SYSKEY protected)
  • Cached domain passwords
  • LSA secrets


It essentially performs all the functions that bkhive/ samdump2, cachedump, and lsadump2 do, but in a platform-independent way. It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only

available on Windows).




  • Alldump has only been tested on python 2.4/2.5. (Python >2.3 will need modification before it will work).
  • Python-crypto is required for its MD5/DES/RC4 support.

      (Windows version available here)

  • Lsadump: system and SECURITY hives
  • Cachedump: system and SECURITY hives
  • Pwdump: system and SAM hives


It is available from here.




Dump cached domain hashes:

usage: ./ <system hive> <security hive>


Dump LSA secrets:

usage: ./ <system hive> <security hive>


Dump local password hashes:

usage: ./ <system hive> <SAM hive>


IT Security News:


Pen Testing Framework:


Latest Tool Reviews: