Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Username tools for penetration testing

MaxMind's GeoIP2 GeoLite2 Country, City, and ASN databases

PowerShell MachineAccountQuota and DNS exploit tools

GolenGMSA tool for working with GMSA passwords

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)

Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel

PowerShell Pass The Hash Utils

Active Directory certificate abuse.

An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

A script that you can run in the background!

Partial python implementation of SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…

ScriptSentry finds misconfigured and dangerous logon scripts.

Python version of the C# tool for "Shadow Credentials" attacks

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

Kerberoast with ACL abuse capabilities

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Enabling the Windows Subsystem for Linux to include support for Wayland and X server related scenarios

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Nala is a front-end for libapt-pkg.

Universal MCT wrapper script for all Windows 10/11 versions from 1507 to 21H2!

Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates

Kerberos unconstrained delegation abuse toolkit

MS17-010

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab