Alternatives and similar repositories for tickey:

Users that are interested in tickey are comparing it to the libraries listed below

• Mr-Un1k0d3r / PoisonHandler
  lateral movement techniques that can be used during red team exercises
  ☆269Updated 5 years ago
• zer1t0 / ticket_converter
  A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.
  ☆165Updated 2 years ago
• preempt / ntlm-scanner
  A simple python tool based on Impacket that tests servers for various known NTLM vulnerabilities
  ☆202Updated 4 years ago
• nopfor / ntlm_challenger
  Parse NTLM challenge messages over HTTP and SMB
  ☆143Updated 2 years ago
• outflanknl / Recon-AD
  Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
  ☆318Updated 5 years ago
• bb00 / zer0dump
  Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.
  ☆176Updated last year
• bohops / GhostBuild
  GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects
  ☆245Updated 4 years ago
• Tylous / Vibe
  A framework for stealthy domain reconnaissance
  ☆297Updated 3 years ago
• outflanknl / Spray-AD
  A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
  ☆428Updated 2 years ago
• lexfo / rpc2socks
  Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
  ☆182Updated 3 years ago
• fox-it / LDAPFragger
  ☆189Updated 4 years ago
• pwnfoo / NTLMRecon
  Enumerate information from NTLM authentication enabled web endpoints 🔎
  ☆468Updated 6 months ago
• skelsec / msldap
  LDAP library for auditing MS AD
  ☆392Updated 2 weeks ago
• golem445 / Corporate_Masks
  8-14 character Hashcat masks based on analysis of 1.5 million NTLM hashes cracked while pentesting
  ☆184Updated 4 years ago
• optiv / Dent
  A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
  ☆297Updated last year
• WithSecureLabs / physmem2profit
  Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
  ☆407Updated 2 years ago
• elnerd / Get-NetNTLM
  Powershell module to get the NetNTLMv2 hash of the current user
  ☆92Updated 2 years ago
• redteaminfra / redteam-infra
  ☆102Updated 3 months ago
• initstring / lxd_root
  Linux privilege escalation via LXD
  ☆132Updated 4 years ago
• bohops / WSMan-WinRM
  A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
  ☆230Updated 4 years ago
• SpiderLabs / SCShell
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆105Updated 5 years ago
• s0lst1c3 / dropengine
  DropEngine provides a malleable framework for creating shellcode runners, allowing operators to choose from a selection of components and…
  ☆208Updated 4 years ago
• sailay1996 / cve-2020-1337-poc
  poc for CVE-2020-1337 (Windows Print Spooler Elevation of Privilege)
  ☆173Updated 4 years ago
• TsukiCTF / Lovely-Potato
  Automating juicy potato local privilege escalation exploit for penetration testers
  ☆139Updated 3 years ago
• djhohnstein / cliProxy
  Proxy Unix applications in the terminal
  ☆113Updated 3 years ago
• outflanknl / Ps-Tools
  Ps-Tools, an advanced process monitoring toolkit for offensive operations
  ☆334Updated 4 years ago
• soffensive / windowsblindread
  A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
  ☆200Updated last year
• fox-it / aclpwn.py
  Active Directory ACL exploitation with BloodHound
  ☆708Updated 3 years ago
• HarmJ0y / DAMP
  The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
  ☆375Updated 5 years ago