Alternatives and similar repositories for spearspray

Users that are interested in spearspray are comparing it to the libraries listed below

• sud0Ru / NauthNRPC

  View on GitHub
  Enumerate Domain Users Without Authentication
  ☆281Apr 22, 2025Updated 9 months ago
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆289Dec 7, 2025Updated 2 months ago
• SpecterOps / MSSQLHound

  View on GitHub
  PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
  ☆291Updated this week
• cogiceo / GPOHound

  View on GitHub
  Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data
  ☆354Jan 8, 2026Updated last month
• 0xthirteen / rpc2wc

  View on GitHub
  RPC to WebClient startup
  ☆55Aug 19, 2025Updated 5 months ago
• rtecCyberSec / BitlockMove

  View on GitHub
  Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
  ☆433Jun 27, 2025Updated 7 months ago
• Coontzy1 / WSUScripts

  View on GitHub
  ☆20Sep 6, 2025Updated 5 months ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆47Dec 5, 2025Updated 2 months ago
• logangoins / Cable

  View on GitHub
  .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
  ☆400Jul 23, 2025Updated 6 months ago
• olafhartong / ETWLocksmith

  View on GitHub
  A powerful Windows command-line tool for analyzing and searching ETW (Event Tracing for Windows) provider permissions from the Windows re…
  ☆62Jul 29, 2025Updated 6 months ago
• Thunter-HackTeam / EvilentCoerce

  View on GitHub
  ☆159May 5, 2025Updated 9 months ago
• dirkjanm / DeviceToken

  View on GitHub
  Request device ticket/token using the device's MSA
  ☆38Aug 25, 2025Updated 5 months ago
• zimedev / certipy-merged

  View on GitHub
  Tool for Active Directory Certificate Services enumeration and abuse
  ☆164Apr 17, 2025Updated 9 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆78Aug 25, 2025Updated 5 months ago
• logangoins / SOAPy

  View on GitHub
  SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  ☆161Jan 23, 2026Updated 3 weeks ago
• 0xJs / EnumEDRs

  View on GitHub
  Enumerate active EDR's on the system
  ☆150Sep 23, 2025Updated 4 months ago
• synacktiv / gpoParser

  View on GitHub
  gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory env…
  ☆328Jan 14, 2026Updated last month
• xaitax / NTSleuth

  View on GitHub
  Comprehensive Windows Syscall Extraction & Analysis Framework
  ☆161Aug 30, 2025Updated 5 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆42Nov 4, 2025Updated 3 months ago
• trustedsec / Titanis

  View on GitHub
  Windows protocol library, including SMB and RPC implementations, among others.
  ☆614Jan 21, 2026Updated 3 weeks ago
• ttpreport / ligolo-mp

  View on GitHub
  Multiplayer pivoting solution
  ☆485Nov 3, 2025Updated 3 months ago
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆635May 8, 2025Updated 9 months ago
• jakobfriedl / conquest

  View on GitHub
  Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
  ☆258Updated this week
• Paradoxis / ADSyncDump-BOF

  View on GitHub
  The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…
  ☆172Sep 3, 2025Updated 5 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• 3lp4tr0n / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆195Nov 4, 2025Updated 3 months ago
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆168Jul 22, 2025Updated 6 months ago
• werdhaihai / msi_lateral_mv

  View on GitHub
  Lateral Movement Bof with MSI ODBC Driver Install
  ☆144Sep 30, 2025Updated 4 months ago
• zyn3rgy / RelayInformer

  View on GitHub
  Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
  ☆166Jan 12, 2026Updated last month
• Print3M / DllShimmer

  View on GitHub
  Weaponize DLL hijacking easily. Backdoor any function in any DLL.
  ☆705Aug 26, 2025Updated 5 months ago
• logangoins / Krueger

  View on GitHub
  Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
  ☆418Sep 29, 2025Updated 4 months ago
• The-Viper-One / Invoke-PassTheCert

  View on GitHub
  Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆59Apr 13, 2025Updated 10 months ago
• adityatelange / evil-winrm-py

  View on GitHub
  Execute commands interactively on remote Windows machines using the WinRM protocol
  ☆326Jan 24, 2026Updated 3 weeks ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• RedTeamPentesting / keycred

  View on GitHub
  Generate and Manage KeyCredentialLinks
  ☆245Jan 30, 2026Updated 2 weeks ago
• sikumy / sauron

  View on GitHub
  Fast context enumeration for newly obtained Active Directory credentials.
  ☆85Aug 26, 2025Updated 5 months ago
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆555Nov 1, 2025Updated 3 months ago
• xforcered / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆275Jul 1, 2025Updated 7 months ago