Mimikatz MCP Server

Mimikatz MCP Server

Provides programmatic access to Mimikatz for credential extraction, Kerberos attacks, SAM/LSA dumping, and other Windows security assessment tasks through natural language.

Category
Visit Server

README

Mimikatz MCP Server

A Model Context Protocol (MCP) server that provides programmatic access to Mimikatz, the powerful credential extraction and security assessment tool for Windows systems.

WARNING: This tool is intended for authorized security testing only. Unauthorized use of Mimikatz may be illegal and unethical. Always ensure you have proper authorization before using this tool.

Features

  • Credential Extraction: Extract plaintext passwords, NTLM hashes, Kerberos tickets from memory
  • SAM/LSA Dumping: Dump local SAM database and LSA secrets
  • DCSync Attacks: Replicate Active Directory credentials
  • Kerberos Attacks: Create Golden/Silver tickets, Pass-the-Ticket
  • DPAPI Decryption: Decrypt Windows Data Protection API master keys
  • Certificate Export: Export certificates with private keys
  • Token Manipulation: Elevate privileges and impersonate users

Installation

Prerequisites

  • Node.js 18+
  • Mimikatz binary (see Setup)
  • Windows (native) or Linux with Wine (for Kali Linux)

Quick Start

# Clone the repository
git clone https://github.com/schwarztim/sec-mimikatz-mcp.git
cd sec-mimikatz-mcp

# Install dependencies
npm install

# Build
npm run build

Mimikatz Setup

Windows

Download Mimikatz from the official repository and place it in one of these locations:

  • C:\tools\mimikatz\x64\mimikatz.exe
  • C:\mimikatz\x64\mimikatz.exe
  • %USERPROFILE%\mimikatz\x64\mimikatz.exe

Or set the MIMIKATZ_PATH environment variable.

Kali Linux

Mimikatz is typically pre-installed:

# Check if mimikatz is available
locate mimikatz.exe

# Common paths on Kali:
# /usr/share/windows-resources/mimikatz/x64/mimikatz.exe
# /usr/share/mimikatz/x64/mimikatz.exe

Usage

Claude Desktop Configuration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mimikatz": {
      "command": "node",
      "args": ["/path/to/sec-mimikatz-mcp/dist/index.js"],
      "env": {
        "MIMIKATZ_PATH": "/path/to/mimikatz.exe"
      }
    }
  }
}

MCP Configuration (user-mcps.json)

{
  "mimikatz": {
    "command": "node",
    "args": ["/path/to/sec-mimikatz-mcp/dist/index.js"],
    "env": {
      "MIMIKATZ_PATH": "/usr/share/windows-resources/mimikatz/x64/mimikatz.exe"
    }
  }
}

Available Tools

Status and Information

Tool Description
mimikatz_status Check Mimikatz installation status and system compatibility

Credential Extraction (sekurlsa)

Tool Description
mimikatz_sekurlsa_logonpasswords Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets
mimikatz_sekurlsa_wdigest Extract WDigest credentials from LSASS
mimikatz_sekurlsa_kerberos List Kerberos credentials and tickets
mimikatz_sekurlsa_msv Extract NTLM hashes (MSV1_0 credentials)

LSA/SAM Dumping

Tool Description
mimikatz_lsadump_sam Dump SAM database hashes (local accounts)
mimikatz_lsadump_secrets Dump LSA secrets (service account credentials)
mimikatz_lsadump_dcsync DCSync attack to replicate AD credentials

Kerberos Attacks

Tool Description
mimikatz_kerberos_golden Create Golden Ticket for persistent domain access
mimikatz_kerberos_silver Create Silver Ticket for service-specific access
mimikatz_kerberos_ptt Pass-the-Ticket: Import a Kerberos ticket
mimikatz_kerberos_list List Kerberos tickets in current session
mimikatz_kerberos_purge Purge all Kerberos tickets

Additional Tools

Tool Description
mimikatz_vault_cred Dump Windows Vault credentials (saved passwords)
mimikatz_dpapi_masterkey Decrypt DPAPI master keys
mimikatz_crypto_certificates Export certificates with private keys
mimikatz_token_elevate Elevate to SYSTEM or impersonate users
mimikatz_privilege_debug Enable SeDebugPrivilege
mimikatz_process_list List running processes with security context
mimikatz_misc_cmd Spawn command prompt with elevated context
mimikatz_custom Execute custom Mimikatz commands

Examples

Check Installation Status

Tool: mimikatz_status

Extract Logon Passwords

Tool: mimikatz_sekurlsa_logonpasswords

DCSync Attack

Tool: mimikatz_lsadump_dcsync
Arguments:
  domain: "corp.example.com"
  user: "Administrator"

Create Golden Ticket

Tool: mimikatz_kerberos_golden
Arguments:
  domain: "corp.example.com"
  sid: "S-1-5-21-..."
  krbtgt_hash: "aad3b435b51404eeaad3b435b51404ee"
  user: "FakeAdmin"

Custom Commands

Tool: mimikatz_custom
Arguments:
  commands: ["privilege::debug", "sekurlsa::logonpasswords", "exit"]

Security Considerations

  1. Authorization: Only use on systems you own or have explicit permission to test
  2. Privilege Requirements: Most tools require administrative/SYSTEM privileges
  3. Detection: Mimikatz is detected by most antivirus/EDR solutions
  4. Audit Logs: Actions may be logged by Windows Event Log and SIEM systems
  5. Legal Compliance: Ensure compliance with all applicable laws and regulations

Environment Variables

Variable Description
MIMIKATZ_PATH Full path to mimikatz.exe binary

Troubleshooting

Mimikatz Not Found

Set the MIMIKATZ_PATH environment variable to the full path of your mimikatz.exe binary.

Permission Denied

Run with elevated privileges (Administrator on Windows, root on Linux).

Wine Issues on Linux

Ensure Wine is properly installed and configured:

sudo apt install wine64
wine --version

Development

# Install dependencies
npm install

# Development mode (with hot reload)
npm run dev

# Build
npm run build

# Run
npm start

License

MIT License - see LICENSE

Disclaimer

This tool is provided for educational and authorized security testing purposes only. The authors are not responsible for any misuse or damage caused by this tool. Always obtain proper authorization before conducting security assessments.

References

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured