Windows Active Directory
This repository contains a list of Python scripts to work with Microsoft RPC for research purposes.
A Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 12 methods.
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
A Python script to dump files and folders remotely from a Windows SMB share.
FindUncommonShares is a Python script that quickly finds uncommon shares in vast Windows domains and filters them by READ or WRITE access.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Extract all users from an Active Directory domain to an Excel worksheet.
A Python wrapper to run a command against all users/computers/DCs of a Windows domain.
Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
A Python script to force authentication using the MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).
A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
A collection of Python scripts to work with Windows Hives.
A Python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
Impacket is a collection of Python classes for working with network protocols.
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from a standard domain user.
Dump NTDS with golden certificates and UnPAC the hash.
Generate graphs and charts based on password cracking results.
An advanced tool for working with access tokens and Windows security policy.
GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
Collection of PoCs and offensive techniques used by the BlackArrow Red Team.
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
A system administration or post-exploitation script to automatically extract the BitLocker recovery keys from a domain.
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.