Active Directory Security Tools

Dumping DPAPI credz remotely

An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD

a real-world reconnaissance against SMB discovery automation

Active Directory information dumper via LDAP

autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat

Active Directory Mindmap Recipes: A Compromise à la Carte

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Tool for Active Directory Certificate Services enumeration and abuse

A tool to perform Kerberos pre-auth bruteforcing

smbclient-ng, a fast and user friendly way to interact with SMB shares.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

The Network Execution Tool

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

Automation for internal Windows Penetrationtest / AD-Security

This repo contains Mac M1/M2/M3/M4 Responder Prebuilt binary

Six Degrees of Domain Admin

Impacket is a collection of Python classes for working with network protocols.

PowerShell MachineAccountQuota and DNS exploit tools

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

PowerSploit - A PowerShell Post-Exploitation Framework

Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?