A tool to interact with Kerberos to request, forge and convert various types of tickets in an Active Directory environment.
☆65Jun 10, 2025Updated 8 months ago
Alternatives and similar repositories for kerbtool
Users that are interested in kerbtool are comparing it to the libraries listed below
Sorting:
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)☆16Jul 27, 2024Updated last year
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- Powershell and python utilties for Entra Connect☆28Jun 5, 2025Updated 8 months ago
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆172May 13, 2024Updated last year
- tool for enumeration & bulk download of sensitive files found in SharePoint environments☆81Apr 2, 2025Updated 11 months ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Demo code JavaScript POC that tricks user into sending Windows hash to responder☆37Dec 12, 2025Updated 2 months ago
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.☆58Dec 15, 2025Updated 2 months ago
- CRACK AND CHECK HASH TYPES IN BULK☆13Jul 28, 2021Updated 4 years ago
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆29Jun 9, 2025Updated 8 months ago
- Smuggle a file to a user's browser☆20Apr 16, 2022Updated 3 years ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆361Dec 13, 2025Updated 2 months ago
- Hiding your infrastructure from the boys in blue.☆23Oct 18, 2021Updated 4 years ago
- Identify binaries with Authenticode digital signatures signed to an internal CA/domain☆40Feb 6, 2024Updated 2 years ago
- ☆20Feb 6, 2024Updated 2 years ago
- PowerShell scripts to create sandboxed or vulnerable environments using HyperV and AutomatedLab☆93Jul 22, 2025Updated 7 months ago
- MSBuild without MSbuild.exe☆135Dec 21, 2020Updated 5 years ago
- ☆105Jul 31, 2024Updated last year
- SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆164Jan 23, 2026Updated last month
- SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and s…☆63Sep 2, 2020Updated 5 years ago
- ☆65Mar 15, 2024Updated last year
- Tool for interacting with outlook interop during red team engagements☆146Jun 29, 2021Updated 4 years ago
- ☆103Nov 14, 2025Updated 3 months ago
- ☆105Feb 11, 2026Updated 3 weeks ago
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- Local SYSTEM auth trigger for relaying☆169Jul 22, 2025Updated 7 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- A python library to create BloodHound OpenGraphs☆53Feb 4, 2026Updated last month
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆76Oct 27, 2025Updated 4 months ago
- Convert an LDIF file to JSON files ingestible by BloodHound☆45Feb 9, 2026Updated 3 weeks ago
- A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable w…☆148Nov 16, 2025Updated 3 months ago
- ☆242May 5, 2024Updated last year
- Generate droppers with encrypted payloads automatically.☆54Nov 16, 2021Updated 4 years ago
- A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA …☆163Nov 2, 2025Updated 4 months ago
- Automatically run and populate a new instance of BH CE☆115Jan 30, 2026Updated last month
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.☆58Jul 2, 2025Updated 8 months ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆154Nov 2, 2025Updated 4 months ago