Alternatives and similar repositories for AADOutsider-py

Users that are interested in AADOutsider-py are comparing it to the libraries listed below

• synacktiv / SCCMSecrets

  View on GitHub
  SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
  ☆260Nov 22, 2025Updated 2 months ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated 10 months ago
• RedSiege / SharpCollectionTemplate

  View on GitHub
  ☆14Sep 26, 2023Updated 2 years ago
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆244Oct 27, 2025Updated 3 months ago
• zblurx / dploot

  View on GitHub
  DPAPI looting remotely and locally in Python
  ☆540Oct 7, 2025Updated 4 months ago
• RedTeamPentesting / keycred

  View on GitHub
  Generate and Manage KeyCredentialLinks
  ☆241Jan 30, 2026Updated 2 weeks ago
• Tw1sm / pyldapsearch

  View on GitHub
  Tool for issuing manual LDAP queries which offers bofhound compatible output
  ☆41Jan 14, 2026Updated last month
• xforcered / SoaPy

  View on GitHub
  SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  ☆260Feb 21, 2025Updated 11 months ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• ToweringDragoon / SACL_Scanner

  View on GitHub
  SACL Scanner is a tool designed to scan and analyze SACLs.
  ☆50Feb 13, 2025Updated last year
• secureworks / pytune

  View on GitHub
  ☆280Aug 14, 2025Updated 5 months ago
• synacktiv / OUned

  View on GitHub
  The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
  ☆155Nov 2, 2025Updated 3 months ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆882Feb 5, 2026Updated last week
• CCob / Shwmae

  View on GitHub
  ☆160Jan 27, 2025Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• nullenc0de / trust-validator

  View on GitHub
  Validates priv escalation of AD trusts
  ☆48Apr 1, 2025Updated 10 months ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆326Jun 18, 2023Updated 2 years ago
• mandiant / msi-search

  View on GitHub
  ☆290Jul 20, 2023Updated 2 years ago
• wotwot563 / aad_prt_bof

  View on GitHub
  ☆156Apr 17, 2024Updated last year
• 0xthirteen / reg_snake

  View on GitHub
  Python tool to interact with WMI StdRegProv
  ☆60Nov 19, 2024Updated last year
• techBrandon / CAPs

  View on GitHub
  Scripts to enumerate and report on Entra Conditional Access
  ☆41Sep 5, 2025Updated 5 months ago
• secureworks / BAADTokenBroker

  View on GitHub
  ☆116Jun 17, 2025Updated 7 months ago
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆358Dec 13, 2025Updated 2 months ago
• kozmer / aad-bofs

  View on GitHub
  ☆137Nov 17, 2025Updated 2 months ago
• atomicchonk / roadrecon_mcp_server

  View on GitHub
  Claude MCP server to perform analysis on ROADrecon data
  ☆48Mar 30, 2025Updated 10 months ago
• 1njected / CMLoot

  View on GitHub
  Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
  ☆191Feb 5, 2023Updated 3 years ago
• CrowdStrike / sccmhound

  View on GitHub
  A BloodHound collector for Microsoft Configuration Manager
  ☆363Jul 7, 2025Updated 7 months ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• zimedev / certipy-merged

  View on GitHub
  Tool for Active Directory Certificate Services enumeration and abuse
  ☆164Apr 17, 2025Updated 9 months ago
• rweijnen / createdump

  View on GitHub
  Leverage WindowsApp createdump tool to obtain an lsass dump
  ☆153Sep 20, 2024Updated last year
• Friends-Security / SharpExclusionFinder

  View on GitHub
  Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …
  ☆230Oct 6, 2024Updated last year
• CCob / Volumiser

  View on GitHub
  ☆424Apr 22, 2025Updated 9 months ago
• badsectorlabs / sccm-http-looter

  View on GitHub
  Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)
  ☆206Sep 30, 2024Updated last year
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆565Jun 5, 2023Updated 2 years ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• EvanMcBroom / lsa-whisperer

  View on GitHub
  Tools for interacting with authentication packages using their individual message protocols
  ☆368Feb 1, 2026Updated last week
• Octoberfest7 / ThreadCPUAssignment_POC

  View on GitHub
  A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread
  ☆30Sep 24, 2025Updated 4 months ago