.svg){kind=icon}
email
BTA is an open-source Active Directory security audit framework.
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses.
ADMiner is an Active Directory audit tool that leverages cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including detailed listing, dynamic graphs, key indicators history, along with risk ratings.
- AD Miner - Analyse Active Directory — Emilien Vannier, Jean-Michel Besnard, Tanguy Boisset @ SSTIC
. - Episode #461 consacré à ADMiner avec Jean-Michel BESNARD @ NoLimitSecu .
- Not All Paths are Created Equal -- Attackers' Economy (Part 1) @ Riccardo Ancarani - Red Team Adventures.
- Graph theory to assess Active Directory : Smartest vs. Shortest Control Paths @ Jean-Michel BESNARD's LinkedIn.
Identify the accounts most vulnerable to dictionary attacks.
PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.
Input NT/LM hashes in hex format, one per line
The intention with this site is to help you get rid of easy to crack passwords. We have a huge collection of easy to break passwords that are looked up with a one-way hashed version of the password.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Secure infrastructure in minutes. Hardening Active Directory and Office 365.
Trying to tame the three-headed dog.
Rubeus is a C# toolset for raw Kerberos interaction and abuses.
A little tool to play with Windows security.
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
Active Directory data collector for BloodHound written in Rust. 
RustHound generates users, groups, computers, OUs, GPOs, containers, and domain JSON files that can be analyzed with BloodHound.
Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer.
ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that the ADCSKiller is currently in its first drafts and will undergo further refinements and additions in future updates for sure.
#1 Active Directory security assessment community tool
Active Directory, Azure AD (now called Entra ID), and Okta vulnerabilities can give attackers virtually unrestricted access to your organization’s network and resources. Semperis built Purple Knight—a free AD, Azure AD, and Okta security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment. Download Purple Knight and dramatically reduce your AD attack surface today.
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerHuntShares is PowerShell tool designed to help cybersecurity teams
and penetration testers better identify, understand, attack,
and remediate SMB shares in the Active Directory environments they protect.
Sources:
Get Active Directory Security at 80% in 20% of the time.
PingCastle is an Active Directory vunerability and misconfiguration scanner.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
Web interface to change and reset password in an LDAP directory.
Self Service Password is a PHP application that allows users to change their password in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.
LDAP Tool Box project
Because even LDAP administrators need help
FusionDirectory is only a web interface in front of Directory using LDAP v3 protocol.
Thanks to this, the user only see the informations stored inside the directory not the container, attributes names or other technical informations which could complexify informations and configuration management
Resara Server Community Edition is an open source Linux domain controller and file server solution based on Samba4. It is incredibly easy-to-use and requires no Linux expertise to setup or maintain. Please download and try for yourself! Get involved!