Alternatives and similar repositories for kerbtool

Users that are interested in kerbtool are comparing it to the libraries listed below

• slygoo / pssrecon
  ☆40Updated last year
• skelsec / adiskreader-secretsdump
  Extract registry and NTDS secrets from local or remote disk images
  ☆45Updated 10 months ago
• nyxgeek / autodiscover_enum
  time-based user enum via Basic Auth in Azure against Autodiscover
  ☆33Updated last year
• jojonas / SharpSAMDump
  SAM Dumping in C#
  ☆54Updated 2 months ago
• LaresLLC / SuperSharpShares
  SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…
  ☆75Updated last year
• SpecterOps / SCOMHound
  ☆35Updated 2 months ago
• laxa / SharpSecretsdump
  Secretsdump C# version only supporting local (live) operation
  ☆55Updated 9 months ago
• jfjallid / go-lsass
  Tool to aid in dumping LSASS process remotely
  ☆42Updated 4 months ago
• Tw1sm / aesKrbKeyGen
  Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3
  ☆81Updated 3 years ago
• eversinc33 / SharpStartWebclient
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆77Updated 3 years ago
• latortuga71 / SharpChisel-NG
  ☆39Updated 2 years ago
• nettitude / SharpConflux
  ☆65Updated last year
• decoder-it / NewMachineAccount
  ☆38Updated 11 months ago
• snovvcrash / RemoteRegSave
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Updated 2 years ago
• cogiceo / DACLSearch
  Exhaustive search and flexible filtering of Active Directory ACEs.
  ☆73Updated 3 months ago
• ricardojoserf / AutoPtT
  Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.
  ☆87Updated this week
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆92Updated last year
• bugch3ck / SharpLdapWhoami
  WhoAmI by asking the LDAP service on a domain controller.
  ☆64Updated 4 years ago
• BronzeBee / DavRelayUp
  An old Windows workstations LPE for domain environments without LDAP signing/channel binding.
  ☆35Updated 3 years ago
• nullenc0de / trust-validator
  Validates priv escalation of AD trusts
  ☆48Updated 10 months ago
• Tw1sm / pyldapsearch
  Tool for issuing manual LDAP queries which offers bofhound compatible output
  ☆41Updated 3 weeks ago
• NVISOsecurity / cs2br-bof
  Run Cobalt Strike BOFs in Brute Ratel C4!
  ☆86Updated 9 months ago
• ghost-ng / slinger
  An impacket-lite cli tool that combines many useful impacket functions using a single session.
  ☆57Updated 3 weeks ago
• leftp / SharpPXE
  A C# tool for extracting information from SCCM PXE boot media.
  ☆45Updated 3 weeks ago
• nickvourd / Rocabella
  Sniffing files generator
  ☆61Updated 11 months ago
• Leo4j / KeyCredentialLink
  Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute
  ☆25Updated last year
• zyn3rgy / ClickonceHunter
  Golang search engine scraper intended for identification of published ClickOnce deployments
  ☆93Updated last year
• zblurx / BloodHoundCustomQueries
  My BloodHound custom queries
  ☆26Updated 3 years ago
• 0xthirteen / WMI_Proc_Dump
  Dump processes over WMI with MSFT_MTProcess
  ☆81Updated 4 months ago
• n00py / GetFGPP
  Get Fine Grained Password Policy
  ☆77Updated 9 months ago