Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Python 599 65 Updated Oct 21, 2025

rasta-mouse / GadgetHunter

Find jmp gadgets for call stack spoofing.

C# 63 8 Updated Oct 1, 2025

Mr-Un1k0d3r / .NetConfigLoader

.net config loader

343 38 Updated Nov 9, 2023

tijme / dittobytes

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

C++ 551 59 Updated Sep 9, 2025

ZephrFish / pyLDAPGui

Python based GUI for browsing LDAP

Python 170 15 Updated Sep 15, 2025

guervild / BOFs

Cobalt Strike Beacon Object Files

C 166 27 Updated May 2, 2022

Mr-Un1k0d3r / Elevate-System-Trusted-BOF

C 160 26 Updated Mar 27, 2023

kleiton0x00 / RtlHijack

Alternative Read and Write primitives using Rtl* functions the unintended way.

C 76 10 Updated Aug 25, 2025

xct / SeManageVolumeAbuse

SeManageVolumePrivilege to SYSTEM

C++ 140 20 Updated Nov 22, 2023

aniqfakhrul / powerview.py

Just another Powerview alternative but on steroids

Python 817 82 Updated Nov 2, 2025

ly4k / PassTheChallenge

Recovering NTLM hashes from Credential Guard

C 350 22 Updated Dec 26, 2022

xct / rcat

rcat

Rust 72 11 Updated Mar 7, 2022

ZephrFish / ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML

PowerShell 37 11 Updated Apr 26, 2025

TheManticoreProject / Delegations

A tool to work with all types of Kerberos delegations (unconstrained, constrained, and resource-based constrained delegations) in Active Directory

Go 208 20 Updated Jun 29, 2025

zzzteph / weakpass

Weakpass collection of tools for bruteforce and hashcracking

Vue 635 64 Updated Oct 1, 2025

xaitax / Chrome-App-Bound-Encryption-Decryption

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

C 1,127 192 Updated Nov 2, 2025

TheManticoreProject / FindGPPPasswords

A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts

Go 164 23 Updated Jun 29, 2025

MorDavid / BloodHound-MCP-AI

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language ins…

Python 302 44 Updated Jun 2, 2025

mpgn / BackupOperatorToDA

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

C++ 434 55 Updated Jan 4, 2025

FuzzySecurity / StandIn

StandIn is a small .NET35/45 AD post-exploitation toolkit

C# 815 135 Updated Dec 2, 2023

S3cur3Th1sSh1t / Amsi-Bypass-Powershell

This repo contains some Amsi Bypass methods i found on different Blog Posts.

2,059 326 Updated Nov 28, 2024

rasta-mouse / process-inject-kit

Port of Cobalt Strike's Process Inject Kit

C++ 188 29 Updated Dec 1, 2024

rvrsh3ll / BOF_Collection

Various Cobalt Strike BOFs

C 703 62 Updated Oct 16, 2022

tijme / cmstplua-uac-bypass

Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.

C 204 28 Updated Oct 9, 2022

CCob / BOF.NET

A .NET Runtime for Cobalt Strike's Beacon Object Files

C 753 109 Updated Sep 4, 2024

Flangvik / SharpCollection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

2,674 380 Updated Oct 25, 2025

lineeralgebra

Lists (3)

🔮 Future ideas

✨ Inspiration

🚀 My stack

Starred repositories

malware-development