The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Adalanche is an Attack Graph Visualizer and Explorer for Active Directory.
It shows the permissions users and groups have in an Active Directory. It's useful for visualizing and exploring who can take over accounts, machines, or the entire domain. It can find and show misconfigurations.
AADInternals is a PowerShell module for administering Azure AD and Office 365.
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).
ShadowHound is a set of PowerShell scripts for Active Directory enumeration without the need for introducing known-malicious binaries like SharpHound. It leverages native PowerShell capabilities to minimize detection risks and offers two methods for data collection.
linWinPwn is a bash script that wraps a number of Active Directory tools for enumeration (LDAP, RPC, ADCS, MSSQL, Kerberos), vulnerability checks (noPac, ZeroLogon, MS17-010, MS14-068), object modifications (password change, add user to group, RBCD, Shadow Credentials) and password dumping (secretsdump, lsassy, nanodump, DonPAPI). The script streamlines the use of a large number of tools: impacket, bloodhound, netexec, enum4linux-ng, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, bloodyAD, DonPAPI and many others.
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
Like its ancestors, Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations in same. It does this by talking LDAP to Domain Controllers, parsing GPO config files off the domain SYSVOL share, and also by looking at other files (usually on file shares) that are referenced within GPOs, like scripts, MSI packages, exes, etc.
Assess the security of your Active Directory with few or all privileges.
This tool offers functionalities similar to PingCastle, ORADAD, or even PurpleKnight (with some bonuses).
Active Directory Group Policy Security Analyzer.
A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory Group Policy Objects (GPOs). It automates security checks and provides detailed reports on potential vulnerabilities, helping administrators secure their environments.
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Game Of Active Directory is a free pentest active directory LAB(s) project.
The purpose of this tool is to give pentesters a vulnerable Active Directory environment, ready to use, to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without the pain of building it all yourself. This repository was built for pentest practice.
HardenSysvol is an open-source tool developed by the HardenAD Community to complement Active Directory audit tools by analyzing GPOs and scripts in the Sysvol folder. It is ready-to-use, easy to deploy, and requires no complex configurations (no elevated privileges or EDR deactivation needed).
Monitor changes in Active Directory with replication metadata.
A tool for monitoring Active Directory changes in real time without retrieving all objects. Instead, it uses replication metadata and the Update Sequence Number (USN) to filter current properties of objects.
Document Your Datacenter With PowerShell.
As Built Report is an open source configuration document framework which utilises Microsoft PowerShell to produce as-built documentation in multiple document formats for multiple vendors and technologies. The framework allows users to easily generate clear and consistent documentation, for any environment which supports Microsoft PowerShell and/or a RESTful API.
This module provides an easy way to clean up dead/old objects in Active Directory based on various criteria. It can also disable, move or delete objects. It can utilize Azure AD, Intune and Jamf to get additional information about objects before deleting them.
CleanupMonster is a PowerShell module that helps you clean up Active Directory. It's a complete solution that allows you to remove stale Computer objects (Users will be added in the future) from Active Directory. It's a very advanced module with many options, and you can easily customize it to your needs. Please make sure to run this module with proper permissions or you may get wrong results. By default, an Active Directory domain allows a standard user to read the LastLogonDate and LastPasswordSet attributes. If you have changed those settings, you may need to run the module with elevated permissions even for reporting needs.
Credentials gathering tool automating remote procdump and parsing of the lsass process.
Spraykatz is a tool without any pretension, able to retrieve credentials on Windows machines and large Active Directory environments.
It simply tries to procdump machines and parse dumps remotely in order to avoid detection by antivirus software as much as possible.
This project is specifically made for brand new directories and eases their creation with all security rules in place:
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.