LaZagne

LaZagne is an open source Python application that scans a local computer and collects passwords that various installed programs have saved to disk. Different applications store credentials in different ways, from plain text files to encrypted databases to operating system APIs, so LaZagne includes individual modules for each supported program and extracts whatever each one stores.

The tool runs from the command line. You can tell it to scan everything at once, restrict it to a single category such as browsers or email clients, or target one specific application. Results can be printed to the terminal or saved as a text or JSON file. A verbosity flag controls how much detail appears during a scan.

The list of supported programs is long. On Windows it covers dozens of browsers (Chrome, Firefox, Edge, Opera, Vivaldi, and many others), chat clients, databases, games, Git credentials, email clients, sysadmin tools like FileZilla and WinSCP, VPN clients, and stored Wi-Fi passwords. Linux support covers a similar but smaller set, and Mac OS has limited coverage. Retrieving Wi-Fi passwords and some Windows system secrets requires running the tool with administrator privileges.

LaZagne was built as a credential auditing and security research tool. The README notes it has also been integrated into a post-exploitation framework called Pupy, which runs Python code in memory without writing to disk. The project is written in Python and can be compiled into a standalone executable using PyInstaller or Nuitka.

The repository accepts contributions and includes a wiki covering how to compile the project and how to write new modules for software not yet supported.