# Windows

# Active Directory

  • Aced - A tool to parse and resolve a single targeted Active Directory principal's DACL) last-commit
  • BadBlood - Fills a Microsoft Active Directory Domain with a structure and thousands of objects. last-commit
  • BloodHound - Six Degrees of Domain Admin. last-commit
  • Certify - Active Directory certificate abuse. last-commit
  • CrackMapExec - A swiss army knife for pentesting networks. last-commit
  • SCCMHunter - tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. last-commit
  • WinPwn - Automation for internal Windows Penetrationtest / AD-Security. last-commit

# Bitlocker

  • Bitleaker - This tool can decrypt a BitLocker-locked partition with the TPM vulnerability. last-commit

# Cheatsheets

  • LOLBAS - Living Off The Land Binaries and Scripts. last-commit

# Credentials

  • LaZagne - Credentials recovery project last-commit
  • Redsnarf - Tool for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. last-commit
  • SCOMDecrypt - Tool to decrypt stored RunAs credentials from SCOM servers. last-commit

# Exchange

  • MailSniper - A penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms last-commit
  • Ruler - A tool to abuse Exchange services. last-commit

# Interprocess Communication

# Kerberos

  • Kerberoast - A series of tools for attacking MS Kerberos implementations. last-commit
  • Pykek - A python library to manipulate KRB5-related data. last-commit
  • Rubeus - A C# toolset for raw Kerberos interaction and abuses. last-commit

# Kernel

  • Fibratus - A modern tool for Windows kernel exploration and tracing with a focus on security. last-commit
  • Vergilius - Take a look into the depths of Windows kernels and reveal more than 60000+ undocumented structures. The descent into Hell is easy!

# Memory

  • Blackbone - DLL scatter manual mapper. last-commit
  • PPLdump - Dump the memory of a PPL with a userland exploit. last-commit

# Post Exploitation

  • CredNinja - A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB. last-commit
  • Mimikatz - Experiments with Windows security. last-commit

# Powershell

  • iBombshell - Tool to deploy a post-exploitation prompt at any time. last-commit
  • Pentestly - Python and Powershell internal penetration testing framework. last-commit
  • Powershell Suite - A collection of PowerShell utilities. last-commit
  • Stracciatella - OpSec-safe Powershell runspace from within C# with AMSI, Constrained Language Mode and Script Block Logging disabled at startup. last-commit


  • PowerRemoteDesktop - Remote Desktop entirely coded in PowerShell. last-commit
  • SharpRDP - Remote Desktop Protocol .NET Console Application for Authenticated Command Execution. last-commit


  • rpcenum - Bash tool to extract info from a domain via RPCClient. last-commit

# Scripts

  • LOLBAS - Living Off The Land Binaries and Scripts. last-commit
  • Macshift - Windows command-line application changes the MAC address of a given network adapter on the current machine to a random or given value. last-commit
  • Windows-Pentest - Windows Pentest Scripts. last-commit