Alternatives and similar repositories for ntlm_theft

Users that are interested in ntlm_theft are comparing it to the libraries listed below

• antonioCoco / RunasCs

  View on GitHub
  RunasCs - Csharp and open version of windows builtin runas.exe
  ☆1,335Jul 12, 2024Updated last year
• CravateRouge / bloodyAD

  View on GitHub
  BloodyAD is an Active Directory Privilege Escalation Framework
  ☆2,077Jan 31, 2026Updated last week
• Flangvik / SharpCollection

  View on GitHub
  Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure …
  ☆2,765Nov 15, 2025Updated 2 months ago
• dirkjanm / krbrelayx

  View on GitHub
  Kerberos relaying and unconstrained delegation abuse toolkit
  ☆1,526Jan 27, 2025Updated last year
• AlmondOffSec / PassTheCert

  View on GitHub
  Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆724Sep 3, 2025Updated 5 months ago
• GhostPack / Certify

  View on GitHub
  Active Directory certificate abuse.
  ☆1,911Oct 27, 2025Updated 3 months ago
• ly4k / Certipy

  View on GitHub
  Tool for Active Directory Certificate Services enumeration and abuse
  ☆3,385Dec 3, 2025Updated 2 months ago
• p0dalirius / Coercer

  View on GitHub
  A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
  ☆2,174Jan 5, 2026Updated last month
• S3cur3Th1sSh1t / PowerSharpPack

  View on GitHub
  ☆1,665Apr 14, 2025Updated 9 months ago
• eladshamir / Whisker

  View on GitHub
  Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …
  ☆929Nov 11, 2024Updated last year
• login-securite / DonPAPI

  View on GitHub
  Dumping DPAPI credz remotely
  ☆1,318Mar 24, 2025Updated 10 months ago
• ShutdownRepo / targetedKerberoast

  View on GitHub
  Kerberoast with ACL abuse capabilities
  ☆603Dec 16, 2024Updated last year
• SnaffCon / Snaffler

  View on GitHub
  a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
  ☆2,722Feb 2, 2026Updated last week
• dirkjanm / PKINITtools

  View on GitHub
  Tools for Kerberos PKINIT and relaying to AD CS
  ☆874Jan 3, 2025Updated last year
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆682Aug 20, 2025Updated 5 months ago
• Dec0ne / KrbRelayUp

  View on GitHub
  KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…
  ☆1,628Aug 6, 2022Updated 3 years ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆882Feb 5, 2026Updated last week
• topotam / PetitPotam

  View on GitHub
  PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
  ☆2,175Aug 15, 2024Updated last year
• RedTeamPentesting / pretender

  View on GitHub
  Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
  ☆1,256Dec 9, 2025Updated 2 months ago
• itm4n / FullPowers

  View on GitHub
  Recover the default privilege set of a LOCAL/NETWORK SERVICE account
  ☆672May 3, 2020Updated 5 years ago
• Wh04m1001 / DFSCoerce

  View on GitHub
  ☆827Sep 9, 2022Updated 3 years ago
• cube0x0 / KrbRelay

  View on GitHub
  Framework for Kerberos relaying
  ☆939May 29, 2022Updated 3 years ago
• ShutdownRepo / pywhisker

  View on GitHub
  Python version of the C# tool for "Shadow Credentials" attacks
  ☆851Feb 1, 2026Updated last week
• itm4n / PrivescCheck

  View on GitHub
  Privilege Escalation Enumeration Script for Windows
  ☆3,685Jan 30, 2026Updated 2 weeks ago
• dirkjanm / BloodHound.py

  View on GitHub
  A Python based ingestor for BloodHound
  ☆2,335Oct 24, 2025Updated 3 months ago
• dirkjanm / adidnsdump

  View on GitHub
  Active Directory Integrated DNS dumping by any authenticated user
  ☆1,125Apr 4, 2025Updated 10 months ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• Kevin-Robertson / Powermad

  View on GitHub
  PowerShell MachineAccountQuota and DNS exploit tools
  ☆1,428Jan 11, 2023Updated 3 years ago
• FuzzySecurity / StandIn

  View on GitHub
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆831Dec 2, 2023Updated 2 years ago
• FSecureLABS / SharpGPOAbuse

  View on GitHub
  SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…
  ☆1,297Dec 15, 2020Updated 5 years ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,048Jan 22, 2026Updated 3 weeks ago
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,069Sep 17, 2024Updated last year
• GhostPack / SharpDPAPI

  View on GitHub
  SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
  ☆1,390Jun 27, 2024Updated last year
• Kevin-Robertson / Inveigh

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆2,903Nov 19, 2025Updated 2 months ago
• antonioCoco / RemotePotato0

  View on GitHub
  Windows Privilege Escalation from User to Domain Admin.
  ☆1,438Dec 18, 2022Updated 3 years ago
• ropnop / kerbrute

  View on GitHub
  A tool to perform Kerberos pre-auth bruteforcing
  ☆3,236Aug 20, 2024Updated last year
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆646Mar 20, 2024Updated last year
• GhostPack / Rubeus

  View on GitHub
  Trying to tame the three-headed dog.
  ☆4,869Nov 14, 2025Updated 2 months ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆413Apr 28, 2021Updated 4 years ago