# Windows

# Active Directory
- Aced - A tool to parse and resolve a single targeted Active Directory principal's DACL.
- BadBlood - Fills a Microsoft Active Directory Domain with a structure and thousands of objects.
- BloodHound - Six Degrees of Domain Admin.
- Certify - Active Directory certificate abuse.
- CrackMapExec - A swiss army knife for pentesting networks.
- SCCMHunter - Tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain.
- WinPwn - Automation for internal Windows penetration testing / AD security.
# Bitlocker
- Bitleaker - This tool can decrypt a BitLocker-locked partition by exploiting a TPM vulnerability.
# Cheatsheets
- LOLBAS - Living Off The Land Binaries and Scripts.
# Credentials
- LaZagne - Credentials recovery project.
- Redsnarf - Tool for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques.
- SCOMDecrypt - Tool to decrypt stored RunAs credentials from SCOM servers.
# Exchange
- MailSniper - A penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms.
- Ruler - A tool to abuse Exchange services.
# Interprocess Communication
- pipe-intercept - Intercept Windows Named Pipes communication.
# Kerberos
- Kerberoast - A series of tools for attacking MS Kerberos implementations.
- Pykek - A Python library to manipulate KRB5-related data.
- Rubeus - A C# toolset for raw Kerberos interaction and abuses.
# Kernel
- Fibratus - A modern tool for Windows kernel exploration and tracing with a focus on security.
- Vergilius - Take a look into the depths of Windows kernels and reveal more than 60,000 undocumented structures. The descent into Hell is easy!

# Memory

# Post Exploitation
- CredNinja - A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB.
- Mimikatz - Experiments with Windows security.
# PowerShell
- iBombshell - Tool to deploy a post-exploitation prompt at any time.
- Pentestly - Python and PowerShell internal penetration testing framework.
- Powershell Suite - A collection of PowerShell utilities.
- Stracciatella - OpSec-safe PowerShell runspace from within C# with AMSI, Constrained Language Mode and Script Block Logging disabled at startup.

# RDP
- PowerRemoteDesktop - Remote Desktop entirely coded in PowerShell.
- SharpRDP - Remote Desktop Protocol .NET Console Application for Authenticated Command Execution.
# RPC
- rpcenum - Bash tool to extract info from a domain via RPCClient.
# Scripts
- LOLBAS - Living Off The Land Binaries and Scripts.
- Macshift - Windows command-line application that changes the MAC address of a given network adapter on the current machine to a random or given value.
- Windows-Pentest - Windows Pentest Scripts.