Alternatives and similar repositories for bloodhound-quickwin

Users that are interested in bloodhound-quickwin are comparing it to the libraries listed below

• seajaysec / cypheroth

  View on GitHub
  Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
  ☆255Jul 29, 2021Updated 4 years ago
• ZephrFish / Bloodhound-CustomQueries

  View on GitHub
  Custom Queries - Brought Up to BH4.1 syntax
  ☆272Dec 7, 2025Updated 2 months ago
• knavesec / Max

  View on GitHub
  Maximizing BloodHound. Max is a good boy.
  ☆531Apr 25, 2025Updated 9 months ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• login-securite / DonPAPI

  View on GitHub
  Dumping DPAPI credz remotely
  ☆1,318Mar 24, 2025Updated 10 months ago
• zer1t0 / certi

  View on GitHub
  ADCS abuser
  ☆313Feb 6, 2023Updated 3 years ago
• p0dalirius / pyLDAPWordlistHarvester

  View on GitHub
  A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
  ☆372Sep 29, 2025Updated 4 months ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆682Aug 20, 2025Updated 5 months ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,050Jan 22, 2026Updated 3 weeks ago
• hausec / Bloodhound-Custom-Queries

  View on GitHub
  Custom Query list for the Bloodhound GUI based off my cheatsheet
  ☆836Oct 29, 2025Updated 3 months ago
• dirkjanm / PKINITtools

  View on GitHub
  Tools for Kerberos PKINIT and relaying to AD CS
  ☆876Jan 3, 2025Updated last year
• foxlox / GIUDA

  View on GitHub
  Ask a TGS on behalf of another user without password
  ☆482Mar 30, 2025Updated 10 months ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• FalconForceTeam / SOAPHound

  View on GitHub
  SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
  ☆859Feb 3, 2024Updated 2 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆415Apr 28, 2021Updated 4 years ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆886Updated this week
• franc-pentest / ldeep

  View on GitHub
  In-depth ldap enumeration utility
  ☆559Updated this week
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆647Mar 20, 2024Updated last year
• outflanknl / HelpColor

  View on GitHub
  Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
  ☆211Mar 18, 2024Updated last year
• Dramelac / GoldenCopy

  View on GitHub
  Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
  ☆102May 6, 2024Updated last year
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆417Jan 27, 2024Updated 2 years ago
• FuzzySecurity / StandIn

  View on GitHub
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆830Dec 2, 2023Updated 2 years ago
• NH-RED-TEAM / RustHound

  View on GitHub
  Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
  ☆1,123Oct 21, 2024Updated last year
• zblurx / dploot

  View on GitHub
  DPAPI looting remotely and locally in Python
  ☆540Oct 7, 2025Updated 4 months ago
• fortalice / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆387Feb 23, 2024Updated last year
• ShutdownRepo / pywhisker

  View on GitHub
  Python version of the C# tool for "Shadow Credentials" attacks
  ☆851Feb 1, 2026Updated 2 weeks ago
• nodauf / GoMapEnum

  View on GitHub
  User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
  ☆484Sep 24, 2025Updated 4 months ago
• Hackndo / pyGPOAbuse

  View on GitHub
  Partial python implementation of SharpGPOAbuse
  ☆518Nov 9, 2025Updated 3 months ago
• Hackndo / sprayhound

  View on GitHub
  Password spraying tool and Bloodhound integration
  ☆249Dec 31, 2024Updated last year
• naksyn / Pyramid

  View on GitHub
  a tool to help operate in EDRs' blind spots
  ☆767Dec 2, 2024Updated last year
• alfarom256 / BOF-ForeignLsass

  View on GitHub
  ☆101Aug 23, 2021Updated 4 years ago
• idnahacks / GoodHound

  View on GitHub
  Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
  ☆483Jul 9, 2024Updated last year
• Flangvik / SharpAppLocker

  View on GitHub
  C# port of the Get-AppLockerPolicy PS cmdlet
  ☆100Dec 8, 2022Updated 3 years ago
• Flangvik / TeamFiltration

  View on GitHub
  TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
  ☆1,368Oct 22, 2025Updated 3 months ago
• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆199Aug 7, 2024Updated last year
• nheiniger / SnaffPoint

  View on GitHub
  A tool for pointesters to find candies in SharePoint
  ☆278Nov 4, 2022Updated 3 years ago
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆524May 15, 2024Updated last year
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆402Sep 14, 2023Updated 2 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆565Jun 5, 2023Updated 2 years ago