BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions

Outil de récupération automatique des données de l'Active Directory / Automated tool for dumping Active Directory data

Convert .reg to registry hive and reciprocally, without elevation

LDAP Swiss Army Knife

Automatic SQL injection and database takeover tool

Dump Azure AD Connect credentials for Azure AD and Active Directory

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

Сollection of TCL scripts for Cisco IOS penetration testing

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

Compile SharpHound and others on Linux

Lockless allows for the copying of locked files.

A slightly more fun way to disable windows defender + firewall. (through the WSC api)

Azure Data Exporter for BloodHound

A simple Toolkit to BF and decrypt Windows EntraId CacheData

smbclient-ng, a fast and user friendly way to interact with SMB shares.

A tool to crack WPA2 passphrase with PMKID value without clients or de-authentication

Fileless atexec, no more need for port 445

Bring your own print driver privilege escalation tool

Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

Assess the security of your Active Directory with few or all privileges.

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

Make everyone in your VLAN ASRep roastable

A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.

Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.

Find and verify secrets

RunasCs - Csharp and open version of windows builtin runas.exe