Alternatives and similar repositories for CAPs

Users that are interested in CAPs are comparing it to the libraries listed below

• sap8899 / Group3rExplorer
  Fun GUI for Group3rs output log
  ☆37Updated last year
• BloodHoundAD / TierZeroTable
  Table of AD and Azure assets and whether they belong to Tier Zero
  ☆27Updated last year
• sleeptok3n / RoleCrawl
  ☆21Updated last year
• nicolonsky / AzureAiTMFunction
  Azure AiTM Function PoC to phish Entra ID Credentials
  ☆22Updated 9 months ago
• emiliensocchi / azurehound-queries
  🌩️ Collection of BloodHound queries for Azure
  ☆74Updated 6 months ago
• HackmichNet / AzTokenFinder
  ☆106Updated 2 years ago
• techspence / BadShares
  A tool to create randomly insecure file shares that also contain unsecured credential files
  ☆43Updated last year
• improsec / 2Cloudz
  ☆25Updated 3 years ago
• FuzzySecurity / SANS-HackFest-2023
  ☆49Updated last year
• bouj33boy / Domain-Persistence-Detection-Triage-and-Recovery-SO-CON-2024
  Resources Links for the Research Based on Josh Prager and Nico Shyne's
  ☆13Updated 8 months ago
• kiwids0220 / deviceCode2WinHello
  A small script that automates Entra ID persistence with Windows Hello For Business key
  ☆57Updated 4 months ago
• secureworks / TokenMan
  ☆100Updated 2 years ago
• secureworks / primary-refresh-token-viewer
  ☆11Updated 2 years ago
• nyxgeek / azure_survey_2025
  results of scraping OneDrive from February 2022 - March 2025
  ☆25Updated 2 months ago
• MorDavid / DCSyncHound
  This script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)
  ☆47Updated 3 months ago
• spyr0-sec / AutomatedBadLab
  PowerShell scripts to create sandboxed or vulnerable environments using HyperV and AutomatedLab
  ☆85Updated this week
• secureworks / BAADTokenBroker
  ☆99Updated 3 weeks ago
• bagelByt3s / ludus_adfs
  An Ansible collection that installs an ADFS deployment with optional configurations.
  ☆40Updated 6 months ago
• atomicchonk / roadrecon_mcp_server
  Claude MCP server to perform analysis on ROADrecon data
  ☆41Updated 3 months ago
• ASOT-LABS / TeamsBreaker
  ☆46Updated last year
• PwnDefend / Active_Directory_ADSI_Audit_Powershell
  blame Huy
  ☆42Updated 4 years ago
• Semperis / SilverSamlForger
  Silver SAML forgery tool
  ☆53Updated last year
• notEricaZelic / M365AdminAccessReviewer
  Shows which M365 Objects have Privileged Access and what type (i.e. PIM, Direct, Currently Elevated)
  ☆27Updated last month
• thalpius / Microsoft-Defender-for-Identity-Check-Instance
  This script gets all accepted domains in Microsoft 365 using autodiscover, gets the tenant name and checks if there is a Microsoft Defend…
  ☆24Updated last year
• zh54321 / GraphPreConsentExplorer
  A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable w…
  ☆117Updated 3 months ago
• NetSPI / FuncoPop
  Tools for attacking Azure Function Apps
  ☆82Updated 8 months ago
• sse-secure-systems / Active-Directory-Spotlights
  ☆37Updated last year
• GabrielDuschl / Automated-CME-Password-Spraying
  A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…
  ☆14Updated last year
• Phil0x4a / msuserstats
  msuserstats is a comprehensive Powershell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi…
  ☆41Updated 4 months ago
• olafhartong / BHCEupload
  A small go tool to upload JSON files to the BloodHound community edition API
  ☆30Updated last year