Collection of scripts to retrieve stored passwords from Veeam Backup
☆144Jun 3, 2025Updated 9 months ago
Alternatives and similar repositories for veeam-creds
Users that are interested in veeam-creds are comparing it to the libraries listed below
Sorting:
- Decrypt Veeam database passwords☆222Dec 8, 2025Updated 3 months ago
- POC for Veeam Backup and Replication CVE-2023-27532☆71Mar 28, 2023Updated 2 years ago
- Exploit for CVE-2023-27532 against Veeam Backup & Replication☆115Mar 23, 2023Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆25Sep 29, 2023Updated 2 years ago
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆82Sep 13, 2024Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆180Feb 14, 2023Updated 3 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆270Mar 18, 2021Updated 4 years ago
- A repository with my code snippets for research/education purposes.☆53Jul 28, 2023Updated 2 years ago
- Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.☆303Mar 4, 2020Updated 6 years ago
- A Python-based tool for analyzing Active Directory security posture by processing LDAP dumps, NTDS.dit extracts, and password cracking re…☆26May 6, 2025Updated 10 months ago
- Fileless atexec, no more need for port 445☆406Mar 28, 2024Updated last year
- SAM Dumping in C#☆54Nov 27, 2025Updated 3 months ago
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆977Jan 29, 2023Updated 3 years ago
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆568Jun 5, 2023Updated 2 years ago
- NTLMRelay for MS Exchange☆11Nov 13, 2018Updated 7 years ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory☆398Aug 15, 2025Updated 6 months ago
- Lateral Movement☆126Nov 14, 2023Updated 2 years ago
- A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways.☆80Jun 6, 2024Updated last year
- BloodHound PowerShell client☆78Dec 10, 2025Updated 2 months ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆58Feb 20, 2022Updated 4 years ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆360Dec 13, 2025Updated 2 months ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- ☆242May 5, 2024Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆261Feb 21, 2025Updated last year
- Collection of remote authentication triggers in C#☆524May 15, 2024Updated last year
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most…☆12May 8, 2023Updated 2 years ago
- NTLM relaying for Windows made easy☆579Apr 25, 2023Updated 2 years ago
- Exploit to dump ipmi hashes☆37Apr 21, 2023Updated 2 years ago
- Chrome browser extension-based Command & Control☆239Jul 2, 2025Updated 8 months ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆483Oct 14, 2022Updated 3 years ago
- UAC Bypass By Abusing Kerberos Tickets☆507Aug 10, 2023Updated 2 years ago
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…☆1,055Jan 22, 2026Updated last month
- Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.☆887Apr 8, 2025Updated 11 months ago
- Recovering NTLM hashes from Credential Guard☆377Dec 26, 2022Updated 3 years ago
- Another Windows Local Privilege Escalation from Service Account to System☆944Nov 12, 2022Updated 3 years ago
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket☆929Jul 26, 2021Updated 4 years ago
- Lockless allows for the copying of locked files.☆254Apr 30, 2021Updated 4 years ago
- BloodyAD is an Active Directory Privilege Escalation Framework☆2,102Feb 27, 2026Updated last week