Alternatives and similar repositories for LinikatzV2

Users that are interested in LinikatzV2 are comparing it to the libraries listed below

• p0dalirius / pyLDAPWordlistHarvester

  View on GitHub
  A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
  ☆372Sep 29, 2025Updated 4 months ago
• FalconForceTeam / SOAPHound

  View on GitHub
  SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
  ☆855Feb 3, 2024Updated 2 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆647Mar 20, 2024Updated last year
• foxlox / GIUDA

  View on GitHub
  Ask a TGS on behalf of another user without password
  ☆481Mar 30, 2025Updated 10 months ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆886Updated this week
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆358Dec 13, 2025Updated 2 months ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆565Jun 5, 2023Updated 2 years ago
• Tw1sm / PySQLRecon

  View on GitHub
  Offensive MSSQL toolkit written in Python, based off SQLRecon
  ☆207Jan 12, 2025Updated last year
• zblurx / dploot

  View on GitHub
  DPAPI looting remotely and locally in Python
  ☆540Oct 7, 2025Updated 4 months ago
• JPG0mez / ADCSync

  View on GitHub
  Use ESC1 to perform a makeshift DCSync and dump hashes
  ☆210Nov 2, 2023Updated 2 years ago
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆635May 8, 2025Updated 9 months ago
• xct / rcat

  View on GitHub
  rcat
  ☆75Mar 7, 2022Updated 3 years ago
• xpn / RandomTSScripts

  View on GitHub
  Collection of random RedTeam scripts.
  ☆211Mar 8, 2024Updated last year
• Tw1sm / aesKrbKeyGen

  View on GitHub
  Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3
  ☆81Jun 1, 2022Updated 3 years ago
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• CCob / gssapi-abuse

  View on GitHub
  A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
  ☆182Aug 16, 2025Updated 5 months ago
• wh0amitz / SharpADWS

  View on GitHub
  Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
  ☆585Mar 19, 2024Updated last year
• xforcered / SQLRecon

  View on GitHub
  A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
  ☆401Jan 10, 2025Updated last year
• skelsec / evilrdp

  View on GitHub
  ☆307Mar 15, 2025Updated 10 months ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• S1lkys / SharpKiller

  View on GitHub
  Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
  ☆351Aug 29, 2024Updated last year
• trustedsec / orpheus

  View on GitHub
  Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
  ☆411Mar 21, 2025Updated 10 months ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆239Sep 3, 2023Updated 2 years ago
• The-Viper-One / PsMapExec

  View on GitHub
  Dominate Active Directory with PowerShell.
  ☆1,162Nov 28, 2025Updated 2 months ago
• Z4kSec / Masky

  View on GitHub
  Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
  ☆399Aug 15, 2025Updated 5 months ago
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆407Sep 12, 2023Updated 2 years ago
• NH-RED-TEAM / RustHound

  View on GitHub
  Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
  ☆1,125Oct 21, 2024Updated last year
• YOLOP0wn / POSTDump

  View on GitHub
  ☆341Nov 10, 2025Updated 3 months ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆186Jun 22, 2022Updated 3 years ago
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆151Oct 2, 2023Updated 2 years ago
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆302Sep 7, 2023Updated 2 years ago
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆402Sep 14, 2023Updated 2 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• xpn / OktaPostExToolkit

  View on GitHub
  ☆190Nov 21, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• CravateRouge / autobloody

  View on GitHub
  Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
  ☆669Oct 23, 2025Updated 3 months ago
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆244Oct 27, 2025Updated 3 months ago
• lefayjey / linWinPwn

  View on GitHub
  linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
  ☆2,149Updated this week