List of some AD tools I frequently use
- Recommendations
- Installation
- netexec
- impacket
- BloodHound
- BloodHound.py Legacy
- BloodHound.py CE
- bofhound
- RustHound
- bloodyAD
- powerview.py
- certipy
- PKINITtools
- targetedKerberoast
- gssapi-abuse
- krbrelayx
- ntdissector
- sliver
- Responder
- pypykatz
- pywhisker
- PetitPotam
- pyGPOAbuse
- SharpCollection
- PowerView
- Powermad
- ntlm_theft
- hashgrab
- RunasCs
- GodPotato
- PrintSpoofer
- DeadPotato
- proxychains
- chisel
- ligolo-ng
- nc64.exe
- rcat
- ConPtyShell
- winpspy
- winPEAS
- PrivescCheck
- LaZagne
- It is recommended to use pipx whenever possible for installing command-line Python applications to keep them isolated.
- It is also recommended to use a Python virtual environment when installing tools to avoid breaking system-wide packages.
➜ python3 -m venv venv
➜ source venv/bin/activate
(venv) ➜
# to exit the virtual env
(venv) ➜ deactivate
➜ sudo apt install pipx git
➜ pipx ensurepath
➜ pipx install git+https://github.com/Pennyw0rth/NetExec
➜ python3 -m pipx install impacket
➜ wget https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-linux-x64.zip
➜ unzip BloodHound-linux-x64.zip
➜ mv BloodHound-linux-x64 BloodHound
➜ ./BloodHound --disable-gpu-sandbox
Add this to the ~/.zshrc file
alias bloodhound="~/tools/BloodHound/BloodHound --disable-gpu-sandbox"
pipx install bloodhound
pipx install bloodhound-ce
pip3 install bofhound
➜ git clone https://github.com/NH-RED-TEAM/RustHound.git
➜ curl https://sh.rustup.rs -sSf | sh
➜ cd RustHound
➜ RustHound git:(main) make install
➜ pip3 install bloodyAD
Or using pipx
pipx install bloodyAD
➜ sudo apt install libkrb5-dev
➜ pip3 install powerview
➜ pip3 install certipy-ad
Or using pipx
➜ pipx install -f "git+https://github.com/ly4k/Certipy.git"
➜ git clone https://github.com/dirkjanm/PKINITtools
➜ git clone https://github.com/ShutdownRepo/targetedKerberoast
➜ git clone https://github.com/CCob/gssapi-abuse
➜ git clone https://github.com/dirkjanm/krbrelayx
➜ git clone https://github.com/synacktiv/ntdissector
➜ python3 -m pip install ./ntdissector
➜ wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-server_linux -O sliver-server
➜ chmod +x sliver-server
➜ wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-client_linux -O sliver-client
➜ chmod +x sliver-client
➜ git clone https://github.com/SpiderLabs/Responder.git
➜ pip3 install pypykatz
➜ git clone https://github.com/ShutdownRepo/pywhisker.git
➜ git clone https://github.com/topotam/PetitPotam.git
➜ git clone https://github.com/Hackndo/pyGPOAbuse.git
➜ git clone https://github.com/Flangvik/SharpCollection
➜ wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/refs/heads/master/Recon/PowerView.ps1
➜ git clone https://github.com/Kevin-Robertson/Powermad.git
➜ git clone https://github.com/Greenwolf/ntlm_theft
➜ git clone https://github.com/xct/hashgrab
➜ wget https://github.com/antonioCoco/RunasCs/releases/download/v1.5/RunasCs.zip
➜ unzip RunasCs.zip
➜ wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe -O gp.exe
➜ wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer64.exe
➜ wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe
➜ wget https://github.com/lypd0/DeadPotato/releases/download/v1.2/DeadPotato-NET4.exe
➜ sudo apt-get install proxychains4
➜ wget https://github.com/jpillora/chisel/releases/download/v1.10.0/chisel_1.10.0_linux_amd64.gz
➜ gunzip chisel_1.10.0_linux_amd64.gz
➜ mv chisel_1.10.0_linux_amd64 chisel
➜ chmod +x chisel
➜ wget https://github.com/jpillora/chisel/releases/download/v1.10.0/chisel_1.10.0_windows_amd64.gz
➜ gunzip chisel_1.10.0_windows_amd64.gz
➜ mv chisel_1.10.0_windows_amd64 chisel.exe
➜ wget https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_proxy_0.7.2-alpha_linux_amd64.tar.gz
➜ wget https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_agent_0.7.2-alpha_windows_amd64.zip
➜ tar xvf ligolo-ng_proxy_0.7.2-alpha_linux_amd64.tar.gz
➜ unzip ligolo-ng_agent_0.7.2-alpha_windows_amd64.zip
➜ ls
agent.exe proxy
➜ wget https://github.com/int0x33/nc.exe/raw/refs/heads/master/nc64.exe
➜ git clone https://github.com/xct/rcat.git
➜ sudo apt update && sudo apt install mingw-w64
➜ cd rcat
➜ rcat git:(main) rustup target add x86_64-pc-windows-gnu
➜ rcat git:(main) rustup toolchain install stable-x86_64-pc-windows-gnu
➜ rcat git:(main) cargo build --release --target x86_64-pc-windows-gnu ### windows
➜ rcat git:(main) cargo build --release ### linux
➜ rcat git:(main) ls target/release/rcat
target/release/rcat
➜ rcat git:(main) ls target/x86_64-pc-windows-gnu/release/rcat.exe
target/x86_64-pc-windows-gnu/release/rcat.exe
➜ wget https://github.com/antonioCoco/ConPtyShell/releases/download/1.5/ConPtyShell.zip
➜ wget https://raw.githubusercontent.com/antonioCoco/ConPtyShell/refs/heads/master/Invoke-ConPtyShell.ps1
➜ git clone https://github.com/xct/winpspy
Build with Visual Studio
➜ wget https://github.com/peass-ng/PEASS-ng/releases/download/20240922-a5703fe8/winPEASx64.exe
➜ wget https://raw.githubusercontent.com/itm4n/PrivescCheck/refs/heads/master/PrivescCheck.ps1
➜ wget https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.6/LaZagne.exe