TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of the box with many popular Azure post exploitation tools.
☆381Jan 23, 2025Updated last year
Alternatives and similar repositories for TokenSmith
Users that are interested in TokenSmith are comparing it to the libraries listed below
Sorting:
- Abusing Azure services over C2☆368Jan 20, 2026Updated last month
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆167Nov 17, 2025Updated 3 months ago
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 4 months ago
- A BloodHound collector for Microsoft Configuration Manager☆391Jul 7, 2025Updated 7 months ago
- ☆138Nov 17, 2025Updated 3 months ago
- A fork of the great TokenTactics with support for CAE and token endpoint v2☆393Feb 9, 2026Updated 2 weeks ago
- ☆283Aug 14, 2025Updated 6 months ago
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI�☆1,032Dec 31, 2025Updated 2 months ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆236Aug 25, 2024Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- ☆235Oct 8, 2024Updated last year
- A Post-exploitation Toolset for Interacting with the Microsoft Graph API☆1,253Jul 22, 2025Updated 7 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆423Sep 29, 2025Updated 5 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆323Oct 12, 2025Updated 4 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆261Nov 22, 2025Updated 3 months ago
- ☆160Jan 27, 2025Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- ☆117Jun 17, 2025Updated 8 months ago
- Azure DevOps Services Attack Toolkit☆314Mar 15, 2025Updated 11 months ago
- Find potential DLL Sideloads on your windows computer☆219Jan 12, 2025Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- Azure JWT Token Manipulation Toolset☆714Dec 6, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆275Dec 27, 2024Updated last year
- ☆619Feb 5, 2026Updated 3 weeks ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆262Feb 21, 2025Updated last year
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆638May 8, 2025Updated 9 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆537May 9, 2025Updated 9 months ago
- A Python POC for CRED1 over SOCKS5☆164Oct 5, 2024Updated last year
- Weaponizing DCOM for NTLM Authentication Coercions☆275Jul 1, 2025Updated 7 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆361Dec 13, 2025Updated 2 months ago
- SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…☆892Feb 18, 2026Updated last week
- TokenCert☆102Nov 15, 2024Updated last year
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆1,096Feb 20, 2026Updated last week
- Weaponized Browser-in-the-Middle (BitM) for Penetration Testers☆607Dec 9, 2025Updated 2 months ago
- A PoC for Early Cascade process injection technique.☆211Jan 30, 2025Updated last year
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts☆1,369Oct 22, 2025Updated 4 months ago
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,528Feb 5, 2026Updated 3 weeks ago
- ☆198Mar 28, 2025Updated 11 months ago