BloodHound BloodHound is a single-page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended...
Certipy Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Changelog v4.8.2 Fixes issue #172 Install git clone https://github.com/ly4k/Certipy.git python3 setup.py install Use Examples Auto...
AD ACL Scanner A tool completely is written in PowerShell. A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory. Features It...
Lithnet Password Protection for Active Directory (LPP) enhances the options available to an organization wanting to ensure that all their Active Directory accounts have strong passwords. LPP is a module that you install on...
Network PenTest / Sniffing & Spoofing
by do son · Published January 25, 2018 · Last modified October 25, 2022
icebreaker Break the ice with that cute Active Directory environment over there. When you’re cold and alone staring in at an Active Directory party but don’t possess even a single AD credential to join...
Aced Aced is a tool to parse and resolve a single targeted Active Directory principal’s DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound...
Information Gathering / Network PenTest / Post Exploitation
by do son · Published October 30, 2018 · Last modified October 10, 2021
ADRecon: Active Directory Recon ADRecon is a tool which extracts and combines various artifacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report...
Get-bADpasswords Get insights into the actual strength and quality of passwords in Active Directory. This module is able to compare password hashes of enabled Active Directory users against bad/weak/non-compliant passwords (e.g. hackers first guess...
cracke-dit (“Cracked It”) makes it easier to perform regular password audits against Active Directory environments. Ensuring your users have strong passwords throughout the organization is still your best line of defense against common attacks. Many organizations...
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft’s Active Directory. Honeytokens are pieces of information intentionally littered with the system so they can be discovered by an intruder. In the...
