TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of the box with many popular Azure post exploitation tools.
☆385Jan 23, 2025Updated last year
Alternatives and similar repositories for TokenSmith
Users that are interested in TokenSmith are comparing it to the libraries listed below
Sorting:
- Abusing Azure services over C2☆367Jan 20, 2026Updated 2 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆168Nov 17, 2025Updated 4 months ago
- Azure Post Exploitation Framework☆245Oct 27, 2025Updated 4 months ago
- A BloodHound collector for Microsoft Configuration Manager☆393Jul 7, 2025Updated 8 months ago
- ☆139Nov 17, 2025Updated 4 months ago
- A fork of the great TokenTactics with support for CAE and token endpoint v2☆398Feb 9, 2026Updated last month
- ☆287Aug 14, 2025Updated 7 months ago
- ☆234Oct 8, 2024Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI☆1,175Dec 31, 2025Updated 2 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆322Oct 12, 2025Updated 5 months ago
- A Post-exploitation Toolset for Interacting with the Microsoft Graph API☆1,261Jul 22, 2025Updated 7 months ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆238Aug 25, 2024Updated last year
- ☆160Jan 27, 2025Updated last year
- ☆117Jun 17, 2025Updated 9 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- Find potential DLL Sideloads on your windows computer☆220Jan 12, 2025Updated last year
- Azure JWT Token Manipulation Toolset☆718Dec 6, 2024Updated last year
- TokenCert☆102Nov 15, 2024Updated last year
- ☆53Sep 23, 2025Updated 5 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆424Sep 29, 2025Updated 5 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆640May 8, 2025Updated 10 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆265Nov 22, 2025Updated 3 months ago
- Azure DevOps Services Attack Toolkit☆313Mar 15, 2025Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆216Oct 19, 2024Updated last year
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆276Dec 27, 2024Updated last year
- Research into Undocumented Behavior of Azure AD Refresh Tokens☆342Feb 23, 2024Updated 2 years ago
- ☆623Feb 5, 2026Updated last month
- Weaponizing DCOM for NTLM Authentication Coercions☆274Jul 1, 2025Updated 8 months ago
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,542Feb 5, 2026Updated last month
- A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable w…☆151Nov 16, 2025Updated 4 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆261Feb 21, 2025Updated last year
- SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…☆898Mar 11, 2026Updated last week
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆541May 9, 2025Updated 10 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆361Dec 13, 2025Updated 3 months ago
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,828Nov 3, 2024Updated last year
- Remote operations commands implemented using Beacon Object Files☆1,139Mar 5, 2026Updated 2 weeks ago