Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

StandIn is a small .NET35/45 AD post-exploitation toolkit

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Go alternative of python SimpleHTTPServer

Active Directory information dumper via LDAP

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Powershell function to pull the local admin passwords from LDAP, stored there by LAPS.

Windows Event Log Killer

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

The goal of this repository is to document the most common techniques to bypass AppLocker.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

A free open source IT asset/license management system

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A little tool to play with Windows security

SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.

New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…

Wordlists for creating statistically likely username lists for use in password attacks and security testing

A tool to perform Kerberos pre-auth bruteforcing

Find secrets with Gitleaks 🔑

game of active directory

smbclient-ng, a fast and user friendly way to interact with SMB shares.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

PowerSploit - A PowerShell Post-Exploitation Framework