AD
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-object dumping to NDJSON.
BloodyAD is an Active Directory Privilege Escalation Framework
Custom Query list for the Bloodhound GUI based off my cheatsheet
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
Automation for internal Windows Penetrationtest / AD-Security
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
Tool for Active Directory Certificate Services enumeration and abuse
Powershell tool to automate Active Directory enumeration.
Check for LDAP protections regarding the relay of NTLM authentication
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…
Partial python implementation of SharpGPOAbuse
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.
PingCastle - Get Active Directory Security at 80% in 20% of the time
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
A collection of scripts for assessing Microsoft Azure security