.svg){kind=icon}
HardenSysvol is an open-source tool developed by the HardenAD Community to complement Active Directory audit tools by analyzing GPOs and scripts on Sysvol folder. It is ready-to-use, easy to deploy, and requires no complex configurations (no elevated privileges or EDR deactivation needed).
Policy Module for Microsoft Active Directory Certificate Services.
TameMyCerts is a policy module for Microsoft Active Directory Certificate Services (AD CS) enterprise certification authorities that enables security automation for a lot of use cases in the PKI field.
Monitor changes in Active Directory with replication metadata.
Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.
Document Your Datacenter With PowerShell.
As Built Report is an open source configuration document framework which utilises Microsoft PowerShell to produce as-built documentation in multiple document formats for multiple vendors and technologies. The framework allows users to easily generate clear and consistent documentation, for any environment which supports Microsoft PowerShell and/or a RESTful API.
This module provides an easy way to cleanup Active Directory from dead/old objects based on various criteria. It can also disable, move or delete objects. It can utilize Azure AD, Intune and Jamf to get additional information about objects before deleting them.
CleanupMonster is a PowerShell module to that helps you clean up Active Directory. It's a complete solution that allows you to remove stale Computer (Users will be added in future) objects from Active Directory. It's a very advanced module with many options and you can easily customize it to your needs. Please make sure to run this module with proper permissions or you may get wrong results. By default Active Directory domain allows a standard user to read LastLogonDate and LastPasswordSet attributes. If you have changed those settings you may need to run the module with elevated permissions even for reporting needs.
Credentials gathering tool automating remote procdump and parse of lsass process.
Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.
It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus softwares as much as possible.
This project is specifically made for brand new directories and ease their creation with all security rules in place:
-
Remove legacy protocols/setup used by Microsoft for compliance purposes
-
Enforce the use of modern alogrithm for cyphering and authentication
-
Enforce LDAPS when a client requests a connection to your DC
-
Enforce the default password strategy to match with modern expectation
-
Add other Domain Controllers to your secured domain
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.
BTA is an open-source Active Directory security audit framework.
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses.
ADMiner is an Active Directory audit tool that leverages cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including detailed listing, dynamic graphs, key indicators history, along with risk ratings.
- AD Miner - Analyse Active Directory — Emilien Vannier, Jean-Michel Besnard, Tanguy Boisset @ SSTIC :fr:.
- Episode #461 consacré à ADMiner avec Jean-Michel BESNARD @ NoLimitSecu :fr:.
- Not All Paths are Created Equal -- Attackers' Economy (Part 1) @ Riccardo Ancarani - Red Team Adventures.
- Graph theory to assess Active Directory : Smartest vs. Shortest Control Paths @ Jean-Michel BESNARD's LinkedIn.
Identify the accounts most vulnerable to dictionary attacks.
PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.
Input NT/LM hashes in hex format, one per line
The intention with this site is to help you get rid of easy to crack passwords. We have a huge collection of easy to break passwords that are looked up with a one-way hashed version of the password.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Secure infrastructure in minutes. Hardening Active Directory and Office 365.
Trying to tame the three-headed dog.
Rubeus is a C# toolset for raw Kerberos interaction and abuses.
A little tool to play with Windows security.
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
Active Directory data collector for BloodHound written in Rust. 🦀
RustHound generates users, groups, computers, OUs, GPOs, containers, and domain JSON files that can be analyzed with BloodHound.
Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer.
ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that the ADCSKiller is currently in its first drafts and will undergo further refinements and additions in future updates for sure.