Alternatives and similar repositories for forest-trust-tools

Users that are interested in forest-trust-tools are comparing it to the libraries listed below

• dirkjanm / PKINITtools

  View on GitHub
  Tools for Kerberos PKINIT and relaying to AD CS
  ☆874Jan 3, 2025Updated last year
• GhostPack / ForgeCert

  View on GitHub
  "Golden" certificates
  ☆710Aug 17, 2024Updated last year
• Semperis / GoldenGMSA

  View on GitHub
  GolenGMSA tool for working with GMSA passwords
  ☆167Aug 21, 2025Updated 5 months ago
• dirkjanm / krbrelayx

  View on GitHub
  Kerberos relaying and unconstrained delegation abuse toolkit
  ☆1,526Jan 27, 2025Updated last year
• cube0x0 / KrbRelay

  View on GitHub
  Framework for Kerberos relaying
  ☆939May 29, 2022Updated 3 years ago
• zer1t0 / certi

  View on GitHub
  ADCS abuser
  ☆311Feb 6, 2023Updated 3 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆142Mar 9, 2024Updated last year
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆579Apr 25, 2023Updated 2 years ago
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆305Dec 30, 2021Updated 4 years ago
• Kevin-Robertson / Sharpmad

  View on GitHub
  C# version of Powermad
  ☆170Dec 5, 2023Updated 2 years ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆186Jun 22, 2022Updated 3 years ago
• dirkjanm / adidnsdump

  View on GitHub
  Active Directory Integrated DNS dumping by any authenticated user
  ☆1,125Apr 4, 2025Updated 10 months ago
• bats3c / ADCSPwn

  View on GitHub
  A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…
  ☆863Mar 20, 2023Updated 2 years ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• Hackndo / pyGPOAbuse

  View on GitHub
  Partial python implementation of SharpGPOAbuse
  ☆518Nov 9, 2025Updated 3 months ago
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆358Dec 13, 2025Updated 2 months ago
• antonioCoco / RemotePotato0

  View on GitHub
  Windows Privilege Escalation from User to Domain Admin.
  ☆1,438Dec 18, 2022Updated 3 years ago
• tothi / rbcd-attack

  View on GitHub
  Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
  ☆609Aug 15, 2025Updated 5 months ago
• rvrsh3ll / SharpSMBSpray

  View on GitHub
  Spray a hash via smb to check for local administrator access
  ☆142Feb 7, 2021Updated 5 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆413Apr 28, 2021Updated 4 years ago
• klezVirus / CheeseTools

  View on GitHub
  Self-developed tools for Lateral Movement/Code Execution
  ☆720Aug 17, 2021Updated 4 years ago
• swisskyrepo / SharpLAPS

  View on GitHub
  Retrieve LAPS password from LDAP
  ☆433Feb 17, 2021Updated 4 years ago
• eladshamir / Whisker

  View on GitHub
  Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …
  ☆929Nov 11, 2024Updated last year
• ShutdownRepo / pywhisker

  View on GitHub
  Python version of the C# tool for "Shadow Credentials" attacks
  ☆851Feb 1, 2026Updated last week
• FSecureLABS / SharpGPOAbuse

  View on GitHub
  SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…
  ☆1,297Dec 15, 2020Updated 5 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆300Sep 7, 2023Updated 2 years ago
• Ridter / pyForgeCert

  View on GitHub
  pyForgeCert is a Python equivalent of the ForgeCert.
  ☆69Aug 15, 2023Updated 2 years ago
• AlmondOffSec / PassTheCert

  View on GitHub
  Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆724Sep 3, 2025Updated 5 months ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,048Jan 22, 2026Updated 3 weeks ago
• praetorian-inc / PortBender

  View on GitHub
  TCP Port Redirection Utility
  ☆760Jan 31, 2023Updated 3 years ago
• itm4n / PPLdump

  View on GitHub
  Dump the memory of a PPL with a userland exploit
  ☆891Jul 24, 2022Updated 3 years ago
• Kevin-Robertson / InveighZero

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆811Aug 28, 2022Updated 3 years ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆682Aug 20, 2025Updated 5 months ago
• pkb1s / SharpAllowedToAct

  View on GitHub
  Computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity)
  ☆197Feb 1, 2021Updated 5 years ago
• GhostPack / RestrictedAdmin

  View on GitHub
  Remotely enables Restricted Admin Mode
  ☆215Sep 3, 2021Updated 4 years ago
• Kevin-Robertson / Powermad

  View on GitHub
  PowerShell MachineAccountQuota and DNS exploit tools
  ☆1,428Jan 11, 2023Updated 3 years ago
• FuzzySecurity / StandIn

  View on GitHub
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆831Dec 2, 2023Updated 2 years ago
• jfmaes / SharpNukeEventLog

  View on GitHub
  nuke that event log using some epic dinvoke fu
  ☆118May 12, 2021Updated 4 years ago
• CravateRouge / bloodyAD

  View on GitHub
  BloodyAD is an Active Directory Privilege Escalation Framework
  ☆2,077Jan 31, 2026Updated last week