← All tools

SAMDump

https://ricardojoserf.github.io/samdump/

Free

Categories

Exploitation

Description

Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python

Keywords

malware-development ntapi red-team red-team-tools redteam redteam-tools security-tools c#

Screenshots

Example Usage

SAMDump.exe [OPTIONS]

Options:
  --save-local [BOOL]    Save locally (default: false)
  --output-dir DIR       Output directory (default: C:\Windows\tasks)
  --send-remote [BOOL]   Send remotely (default: false)
  --host IP              Host for remote sending (default: 127.0.0.1)
  --port PORT            Port for remote sending (default: 7777)
  --xor-encode [BOOL]    XOR Encode (default: false)
  --xor-key KEY          Enable XOR with specified key (default: SAMDump2025)
  --disk DISK            Disk for shadow copy (default: C:\)
  --help                 Show this help