Alternatives and similar repositories for AD-Ghost

Users that are interested in AD-Ghost are comparing it to the libraries listed below

• Shac0x / Wonka
  Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo…
  ☆104Updated 3 weeks ago
• MorDavid / DCSyncHound
  This script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)
  ☆65Updated 8 months ago
• Leo4j / Invoke-ShareHunter
  Enumerate the Domain for Readable and Writable Shares
  ☆22Updated this week
• JonasBK / Powershell
  ☆43Updated 9 months ago
• jfjallid / go-lsass
  Tool to aid in dumping LSASS process remotely
  ☆42Updated last month
• Helixo32 / GetSystem-LCI
  GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…
  ☆34Updated 11 months ago
• WKL-Sec / docker-cobaltstrike
  Docker container for running CobaltStrike 4.7 and above
  ☆24Updated 8 months ago
• ZSECURE / zDocker-cobaltstrike
  Docker container for running CobaltStrike 4.10
  ☆37Updated last year
• mubix / Find-WSUS
  Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
  ☆44Updated 3 weeks ago
• dmcxblue / AzureStrike
  An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations
  ☆60Updated 3 months ago
• The-Viper-One / Invoke-PassTheCert
  Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆49Updated 7 months ago
• truerustyy / wcreddump
  Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with…
  ☆79Updated last year
• Krypteria / Neo4LDAP
  Neo4LDAP is a query and visualization tool focused on Active Directory environments. It combines LDAP syntax with graph-based data analys…
  ☆89Updated last week
• outflanknl / regcertipy
  Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does
  ☆91Updated 4 months ago
• smokeme / ansible-havoc
  Scripts I use to deploy Havoc on Linode and setup categorization and SSL
  ☆42Updated last year
• ZephrFish / LOLSearches
  Living off the land searches for explorer and sharepoint
  ☆91Updated 6 months ago
• eversinc33 / CredGuess
  Generate password spraying lists based on the pwdLastSet-attribute of users.
  ☆55Updated last year
• cogiceo / DACLSearch
  Exhaustive search and flexible filtering of Active Directory ACEs.
  ☆62Updated last week
• skelsec / adiskreader-secretsdump
  Extract registry and NTDS secrets from local or remote disk images
  ☆44Updated 8 months ago
• 1r0BIT / TaskHound
  Tool to enumerate privileged Scheduled Tasks on Remote Systems
  ☆128Updated this week
• EvilBytecode / Lifetime-AmsiBypass
  Lifetime AMSI bypass.
  ☆35Updated 6 months ago
• huntandhackett / PassiveAggression
  Source code and examples for PassiveAggression
  ☆64Updated last year
• decoder-it / Troopers24
  ☆41Updated last year
• 7hePr0fess0r / ADCSDevilCOM
  A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA …
  ☆154Updated 2 weeks ago
• nickvourd / Rocabella
  Sniffing files generator
  ☆59Updated 8 months ago
• scottctaylor12 / Red-Lambda
  Leveraging AWS Lambda Function URLs for C2 Redirection
  ☆44Updated 2 years ago
• nullenc0de / trust-validator
  Validates priv escalation of AD trusts
  ☆48Updated 7 months ago
• myexploit / Hunt
  ☆20Updated 2 weeks ago
• MaorSabag / impacket-jump
  Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load…
  ☆45Updated this week
• OtterHacker / ShareFouine
  ☆52Updated last year