
πŸ›‘οΈ Awesome Active Directory Pentest Tools

πŸ” Enumeration & Recon

  1. BloodHound
    Visualizes privilege escalation paths and relationships in AD.

  2. SharpHound
    Data collector for BloodHound in PowerShell and C#.

  3. Enum4Linux
    Enumerates SMB info (users, groups, shares) from Linux.

  4. WADComs
    Collection of useful AD commands for Windows environments.

  5. Grouper2
    Enumerates misconfigured GPOs for privilege escalation.

  6. Seatbelt (GhostPack)
    Situational awareness tool for post-exploitation.


πŸ” Credential Dumping & Kerberos Abuse

  1. Mimikatz
    Extracts passwords, hashes, tickets and more.

  2. Rubeus
    Kerberos abuse toolkit (tickets, AS-REP roasting, etc.).

  3. Kekeo
    Advanced Kerberos manipulation by the author of Mimikatz.

  4. SharpLAPS
    Dumps LAPS passwords via LDAP.

  5. LAPSDumper
    Extracts LAPS secrets from AD.

  6. Pandora
    Extracts credentials from Windows Credential Manager.


βš”οΈ NTLM Relay, Coercion & Network Attacks

  1. Responder
    Poisoner for LLMNR, NBT-NS and WPAD.

  2. NTLMThief
    Captures NTLMv2 hashes via remote file access.

  3. Impacket
    Python library with tools like ntlmrelayx, secretsdump, wmiexec.

  4. ntlmrelayx
    Relays NTLM authentication for code execution or token abuse.

  5. PetitPotam
    Forces NTLM auth via MS-EFSRPC endpoint.

  6. Coercer
    Forces authentication via DCE/RPC to relayable services.

  7. Coerce-NTLM (PrintNightmare)
    Triggers NTLM authentication via MS-RPRN and others.


🎓 Active Directory Certificate Services (ADCS) Attacks

  1. Certipy
    Exploits vulnerable certificate templates (ESC1–ESC8).

  2. ForgeCert
    Creates forged certificates for impersonation/persistence.

  3. ADCSKiller
    Automates enumeration and exploitation of ADCS environments.


📦 Post-Exploitation & Persistence

  1. PowerSploit
    PowerShell scripts for persistence, recon and more.

  2. PowerSharpPack
    Offensive C# tools inspired by PowerSploit.

  3. CrackMapExec
    Swiss army knife for AD recon, spray, and execution.

  4. NetExec
    Modern fork of CME with improved modules and usability.

  5. BloodyAD
    Abuses ACLs for privilege escalation in AD.

  6. GhostPack
    Collection of tools: SharpUp, SharpDump, Seatbelt, etc.

  7. Whisker
    Kerberos delegation abuse via S4U2Self and S4U2Proxy.

  8. PyWhisker
    Python version of Whisker delegation attacks.

  9. DCOMrade
    Discovers vulnerable DCOM objects for remote execution.


🧪 C2 Frameworks & Support Tools

  1. PowerShell Empire
    Post-exploitation C2 framework focused on PowerShell.

  2. PoshC2
    Command-and-control framework with HTTP/HTTPS agents.


🔧 Miscellaneous & Analysis Tools

  1. ADExplorerSnapshot.py
    Compares AD Explorer snapshot files to detect changes.

  2. SharpView
    AD enumeration and manipulation via C#.


📌 Contributing

Want to add your tool or suggest a category? Feel free to open an issue or PR!


🧠 Disclaimer

This repository is for educational and authorized security testing only. Always get proper permission before using any of these tools.