List of some AD tools I frequently use
- Recommendations
- Installation
- netexec
- impacket
- BloodHound
- BloodHound.py Legacy
- BloodHound.py CE
- bofhound
- RustHound
- bloodyAD
- powerview.py
- certipy
- PKINITtools
- targetedKerberoast
- gssapi-abuse
- krbrelayx
- ntdissector
- sliver
- Responder
- pypykatz
- pywhisker
- PetitPotam
- pyGPOAbuse
- SharpCollection
- PowerView
- Powermad
- ntlm_theft
- hashgrab
- RunasCs
- GodPotato
- PrintSpoofer
- DeadPotato
- proxychains
- chisel
- ligolo-ng
- nc64.exe
- rcat
- ConPtyShell
- winpspy
- winPEAS
- PrivescCheck
- LaZagne
- It is recommended to use
pipxwhenever possible for installing command-line python applications to keep them isolated. - It is also recommended to use a python virtual environment when installing tools to avoid breaking system-wide packages.
python3 -m venv venv
source venv/bin/activate
(venv) âžś
# to exit the virtual env
(venv) deactivate
sudo apt install pipx git
pipx ensurepath
pipx install git+https://github.com/Pennyw0rth/NetExec
python3 -m pipx install impacket
wget https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-linux-x64.zip
unzip BloodHound-linux-x64.zip
mv BloodHound-linux-x64 BloodHound
./BloodHound --disable-gpu-sandbox
Add this alias to the ~/.zshrc file
alias bloodhound="~/tools/BloodHound/BloodHound --disable-gpu-sandbox"
pipx install bloodhound
pipx install bloodhound-ce
pip3 install bofhound
git clone https://github.com/NH-RED-TEAM/RustHound.git
Install rust
curl https://sh.rustup.rs -sSf | sh
Build
cd RustHound
make install
pipx install bloodyAD
sudo apt install libkrb5-dev
pipx install "git+https://github.com/aniqfakhrul/powerview.py"
Using pip
python3 -m venv certipy-venv
source certipy-venv/bin/activate
pip install certipy-ad
Using pipx
pipx install -f "git+https://github.com/ly4k/Certipy.git"
git clone https://github.com/dirkjanm/PKINITtools
git clone https://github.com/ShutdownRepo/targetedKerberoast
git clone https://github.com/CCob/gssapi-abuse
git clone https://github.com/dirkjanm/krbrelayx
git clone https://github.com/synacktiv/ntdissector
python3 -m pip install ./ntdissector
wget https://github.com/BishopFox/sliver/releases/download/v1.5.44/sliver-server_linux -O sliver-server
chmod +x sliver-server
wget https://github.com/BishopFox/sliver/releases/download/v1.5.44/sliver-client_linux -O sliver-client
chmod +x sliver-client
git clone https://github.com/SpiderLabs/Responder.git
pip3 install pypykatz
git clone https://github.com/ShutdownRepo/pywhisker.git
git clone https://github.com/topotam/PetitPotam.git
git clone https://github.com/Hackndo/pyGPOAbuse.git
git clone https://github.com/Flangvik/SharpCollection
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/refs/heads/master/Recon/PowerView.ps1
git clone https://github.com/Kevin-Robertson/Powermad.git
git clone https://github.com/Greenwolf/ntlm_theft
git clone https://github.com/xct/hashgrab
wget https://github.com/antonioCoco/RunasCs/releases/download/v1.5/RunasCs.zip
unzip RunasCs.zip
wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe -O gp.exe
wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer64.exe
wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe
wget https://github.com/lypd0/DeadPotato/releases/download/v1.2/DeadPotato-NET4.exe
sudo apt-get install proxychains4
wget https://github.com/jpillora/chisel/releases/download/v1.11.3/chisel_1.11.3_linux_amd64.gz
gunzip -d chisel_1.11.3_linux_amd64.gz
wget https://github.com/jpillora/chisel/releases/download/v1.11.3/chisel_1.11.3_windows_amd64.zip
7z x chisel_1.11.3_windows_amd64.zip
wget https://github.com/nicocha30/ligolo-ng/releases/download/v0.8.2/ligolo-ng_proxy_0.8.2_linux_amd64.tar.gz
wget https://github.com/nicocha30/ligolo-ng/releases/download/v0.8.2/ligolo-ng_agent_0.8.2_linux_amd64.tar.gz
wget wget https://github.com/nicocha30/ligolo-ng/releases/download/v0.8.2/ligolo-ng_agent_0.8.2_windows_amd64.zip
tar xvf ligolo-ng_proxy_0.8.2_linux_amd64.tar.gz
tar xvf ligolo-ng_agent_0.8.2_linux_amd64.tar.gz
7z x ligolo-ng_agent_0.8.2_windows_amd64.zip
wget https://github.com/int0x33/nc.exe/raw/refs/heads/master/nc64.exe
git clone https://github.com/xct/rcat.git
sudo apt update && sudo apt install mingw-w64
cd rcat
rcat git:(main) rustup target add x86_64-pc-windows-gnu
rcat git:(main) rustup toolchain install stable-x86_64-pc-windows-gnu
rcat git:(main) cargo build --release --target x86_64-pc-windows-gnu ### windows
rcat git:(main) cargo build --release ### linux
rcat git:(main) ls target/release/rcat
target/release/rcat
rcat git:(main) ls target/x86_64-pc-windows-gnu/release/rcat.exe
target/x86_64-pc-windows-gnu/release/rcat.exe
wget https://github.com/antonioCoco/ConPtyShell/releases/download/1.5/ConPtyShell.zip
wget https://raw.githubusercontent.com/antonioCoco/ConPtyShell/refs/heads/master/Invoke-ConPtyShell.ps1
git clone https://github.com/xct/winpspy
Build with Visual Studio
wget https://github.com/peass-ng/PEASS-ng/releases/download/20240922-a5703fe8/winPEASx64.exe
wget https://github.com/itm4n/PrivescCheck/releases/download/2025.10.06-1/PrivescCheck.ps1
wget https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.7/LaZagne.exe