CLI tool to interact with the BloodHound CE API
☆69Jan 4, 2026Updated last month
Alternatives and similar repositories for bhcli
Users that are interested in bhcli are comparing it to the libraries listed below
Sorting:
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆362Jan 29, 2026Updated 3 weeks ago
- DPAPI looting remotely and locally in Python☆541Oct 7, 2025Updated 4 months ago
- Tool for Active Directory Certificate Services enumeration and abuse☆164Apr 17, 2025Updated 10 months ago
- SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆163Jan 23, 2026Updated last month
- PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph☆293Feb 10, 2026Updated 2 weeks ago
- Command Augmentation support for BOFs and .NET assemblies across agents☆40Feb 17, 2026Updated last week
- Get Fine Grained Password Policy☆77Apr 15, 2025Updated 10 months ago
- A community-driven collection of BloodHound queries☆171Feb 17, 2026Updated last week
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆387Feb 23, 2024Updated 2 years ago
- ☆138Nov 17, 2025Updated 3 months ago
- Python version of the C# tool for "Shadow Credentials" attacks☆858Feb 14, 2026Updated 2 weeks ago
- A Python POC for CRED1 over SOCKS5☆164Oct 5, 2024Updated last year
- ☆13Jun 27, 2024Updated last year
- Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data☆357Jan 8, 2026Updated last month
- A BloodHound collector for Microsoft Configuration Manager☆391Jul 7, 2025Updated 7 months ago
- Entra ID Password Protection Banned Password Lists☆17Apr 16, 2024Updated last year
- Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel☆730Sep 3, 2025Updated 5 months ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆34Nov 13, 2023Updated 2 years ago
- Python3 rewrite of AsOutsider features of AADInternals☆60Jul 23, 2025Updated 7 months ago
- RPC to WebClient startup☆55Aug 19, 2025Updated 6 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆361Dec 13, 2025Updated 2 months ago
- Partial python implementation of SharpGPOAbuse☆523Nov 9, 2025Updated 3 months ago
- Enable or Disable TokenPrivilege(s)☆15May 17, 2024Updated last year
- Custom Queries - Brought Up to BH4.1 syntax☆275Dec 7, 2025Updated 2 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆261Nov 22, 2025Updated 3 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆236Aug 25, 2024Updated last year
- In-depth ldap enumeration utility☆561Feb 19, 2026Updated last week
- Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀☆456Jan 15, 2026Updated last month
- Determine if the WebClient Service (WebDAV) is running on a remote system☆142Mar 9, 2024Updated last year
- ☆167Feb 18, 2026Updated last week
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- .NET/PowerShell/VBA Offensive Security Obfuscator☆190May 4, 2024Updated last year
- A C# utility for interacting with SCCM☆682Aug 20, 2025Updated 6 months ago
- Tool to aid in dumping LSASS process remotely☆42Sep 23, 2025Updated 5 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆638May 8, 2025Updated 9 months ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Parses logs created by Cobalt Strike or Brute Ratel and creates an SQLite DB which can be used to create custom reports.☆24Jan 15, 2026Updated last month
- Shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆137Dec 22, 2024Updated last year