- Create Vulnerable AD Lab
- AD Pentesting Cheat Sheets
- AD Pentesting Cheat-Sheets
- This one contains an AMAZING amount of info on AD for Pentesters and Red Teams
- S1ckB0y1337 Active Directory Exploitation Cheat-Sheet
- HackTheBox AD Pentesting Cheat-Sheet
- HackTricks AD Methodology
- The Hacker Recipes
- ired.team AD and Kerberos Cheat Sheets
- BloodHound CE
- BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment
- Attackers can use BloodHound to quickly identify highly complex attack paths that would otherwise be impossible to find
- Defenders can use BloodHound to identify and eliminate those same attack paths
- Both red and blue teams can use BloodHound to better understand privileged relationships in an Active Directory or Azure environment
- GoodHound
- GoodHound operationalises BloodHound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths
- ADalanche
- Adalanche instantly reveals what permissions users and groups have in an Active Directory
- It is useful for visualizing and exploring
- Who can take over accounts, machines or the entire domain
- Find and show misconfigurations
- Hardening Kitty
- Intended use is for Windows system hardening
- Can be used to test for weak configurations
- Delinea Weak Password Finder
- Free tool to quickly discover weak passwords in AD
- Rubeus
- A C# toolset for raw Kerberos interaction and abuses
- Seatbelt
- A C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives
- Microsoft Security Compliance Toolkit
- This set of tools allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, while comparing them against other security configurations
- Semperis Forest Druid
- Focuses on attack paths leading into the Tier 0 perimeter in hybrid identity environments—saving time by prioritizing your most critical assets
- Semperis Purple Knight
- A free AD, Entra ID, and Okta security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment
- Group3r
- A tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations
- LockSmith
- A tool built to find and fix common misconfigurations in Active Directory Certificate Services
- BlueTuxedo
- A tool built to find and fix common misconfigurations in Active Directory-Integrated DNS
- Also a little bit of DHCP
- Empire
- A post-exploitation and adversary emulation C2 framework that is used to aid Red Teams and Penetration Testers
- Starkiller
- Frontend for Empire
- PowerSploit
- A collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment
- SharpSploit
- A .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers
- Ping Castle
- An Active Directory health and security audit tool
- Specifically designed to assess the security posture of an AD environment and provides a report with detailed findings
- ADRecon
- Extracts and combines various artefacts out of an AD environment
- GPOZaurr
- Group Policy Eater is a PowerShell module that aims to gather information about Group Policies
- Also allows fixing issues that you may find in them
- Provides 360 degrees of information about Group Policies and their settings
- PowerPUG
- A tiny tool built to help Active Directory (AD) admins, operators, and defenders smoothly transition their most sensitive users (Domain Admins, etc.) into the AD Protected Users group (PUG) with minimal complications.
- PlumHound
- Released as Proof of Concept for Blue and Purple teams to more effectively use BloodHoundAD in continual security life-cycles by utilizing the BloodHoundAD pathfinding engine to identify Active Directory security vulnerabilities resulting from business operations, procedures, policies and legacy service operations
- The Respotter Honeypot
- This application detects active instances of Responder by taking advantage of the fact that Responder will respond to any DNS query
- Atomic Purple Team
- A business/organizational concept designed to assist organizations in building, deploying, maintaining, and justifying Attack-Detect-Defend Infosec Exercises