active-directory
This project automates the creation of a complete security lab environment for detection engineering and attack simulation. With a single command, it deploys three virtual machines: a fully configured Splunk server, a Windows Server Active Directory Domain Controller with advanced logging, and a Splunk SOAR server for automated response capabilities.
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally, which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.
GPOddity is a project aiming at automating GPO attack vectors through NTLM relaying (and more).
Adalanche is an Attack Graph Visualizer and Explorer for Active Directory. It shows the permissions users and groups have in an Active Directory. It's useful for visualizing and exploring who can take over accounts, machines, or the entire domain. It can find and show misconfigurations.
AADInternals is a PowerShell module for administering Azure AD and Office 365.
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).
ShadowHound is a set of PowerShell scripts for Active Directory enumeration without the need for introducing known-malicious binaries like SharpHound. It leverages native PowerShell capabilities to minimize detection risks and offers two methods for data collection.
linWinPwn is a bash script that wraps a number of Active Directory tools for enumeration (LDAP, RPC, ADCS, MSSQL, Kerberos), vulnerability checks (noPac, ZeroLogon, MS17-010, MS14-068), object modifications (password change, add user to group, RBCD, Shadow Credentials) and password dumping (secretsdump, lsassy, nanodump, DonPAPI). The script streamlines the use of a large number of tools: impacket, bloodhound, netexec, enum4linux-ng, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, bloodyAD, DonPAPI and many others.
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
Like its ancestors, Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations in the same. It does this by talking LDAP to Domain Controllers, parsing GPO config files off the domain SYSVOL share, and also by looking at other files (usually on file shares) that are referenced within GPOs, like scripts, MSI packages, exes, etc.
Create a vulnerable Active Directory that allows you to test most of the Active Directory attacks in a local lab.
Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle, ORADAD, or even PurpleKnight (with some bonuses).
GPOZaurr is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. GPOZaurr provides 360 degrees of information about Group Policies and their settings.
Active Directory Group Policy Security Analyzer.
A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory Group Policy Objects (GPOs). It automates security checks and provides detailed reports on potential vulnerabilities, helping administrators secure their environments.
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Game Of Active Directory is a free pentest Active Directory lab(s) project.
The purpose of this tool is to give pentesters a vulnerable Active Directory environment, ready to use, to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without the pain of building it all yourself. This repository was built for pentest practice 🙂
HardenSysvol is an open-source tool developed by the HardenAD Community to complement Active Directory audit tools by analyzing GPOs and scripts in the SYSVOL folder. It is ready-to-use, easy to deploy, and requires no complex configuration (no elevated privileges or EDR deactivation needed).
Policy Module for Microsoft Active Directory Certificate Services.
TameMyCerts is a policy module for Microsoft Active Directory Certificate Services (AD CS) enterprise certification authorities that enables security automation for a lot of use cases in the PKI field.
Monitor changes in Active Directory with replication metadata.
Tool for monitoring Active Directory changes in real time without retrieving all objects. Instead, it uses replication metadata and the Update Sequence Number (USN) to filter the current properties of objects.
Document Your Datacenter With PowerShell.
As Built Report is an open source configuration document framework which utilises Microsoft PowerShell to produce as-built documentation in multiple document formats for multiple vendors and technologies. The framework allows users to easily generate clear and consistent documentation, for any environment which supports Microsoft PowerShell and/or a RESTful API.
This module provides an easy way to clean up dead/old objects from Active Directory based on various criteria. It can also disable, move or delete objects. It can utilize Azure AD, Intune and Jamf to get additional information about objects before deleting them.
CleanupMonster is a PowerShell module that helps you clean up Active Directory. It's a complete solution that allows you to remove stale Computer objects (Users will be added in future) from Active Directory. It's a very advanced module with many options and you can easily customize it to your needs. Please make sure to run this module with proper permissions or you may get wrong results. By default an Active Directory domain allows a standard user to read the LastLogonDate and LastPasswordSet attributes. If you have changed those settings you may need to run the module with elevated permissions even for reporting needs.
Credential-gathering tool automating remote procdump and parsing of the lsass process.
Spraykatz is a tool without any pretension, able to retrieve credentials on Windows machines and in large Active Directory environments.
It simply tries to procdump machines and parse the dumps remotely in order to avoid detection by antivirus software as much as possible.
This project is specifically made for brand new directories and ease their creation with all security rules in place:
- Remove legacy protocols/setup used by Microsoft for compliance purposes
- Enforce the use of modern algorithms for encryption and authentication
- Enforce LDAPS when a client requests a connection to your DC
- Enforce a default password policy that matches modern expectations
- Add other Domain Controllers to your secured domain
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.
BTA is an open-source Active Directory security audit framework.
AD Miner is an Active Directory audit tool that leverages Cypher queries to crunch data from the BloodHound graph database to uncover security weaknesses.
ADMiner is an Active Directory audit tool that leverages Cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including detailed listings, dynamic graphs, key indicator history, along with risk ratings.
- AD Miner - Analyse Active Directory — Emilien Vannier, Jean-Michel Besnard, Tanguy Boisset @ SSTIC (French).
- Episode #461 on ADMiner with Jean-Michel BESNARD @ NoLimitSecu (French).
- Not All Paths are Created Equal -- Attackers' Economy (Part 1) @ Riccardo Ancarani - Red Team Adventures.
- Graph theory to assess Active Directory : Smartest vs. Shortest Control Paths @ Jean-Michel BESNARD's LinkedIn.
Identify the accounts most vulnerable to dictionary attacks.
PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.
The intention of this site is to help you get rid of easy-to-crack passwords. We have a huge collection of easy-to-break passwords that are looked up via a one-way hashed version of the password.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Secure infrastructure in minutes. Hardening Active Directory and Office 365.
Trying to tame the three-headed dog. Rubeus is a C# toolset for raw Kerberos interaction and abuses.
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
Active Directory data collector for BloodHound written in Rust. 🦀
RustHound generates users, groups, computers, OUs, GPOs, containers, and domain JSON files that can be analyzed with BloodHound.
Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer.
ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that ADCSKiller is currently in its first drafts and will undergo further refinements and additions in future updates.
#1 Active Directory security assessment community tool
Active Directory, Azure AD (now called Entra ID), and Okta vulnerabilities can give attackers virtually unrestricted access to your organization’s network and resources. Semperis built Purple Knight—a free AD, Azure AD, and Okta security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment. Download Purple Knight and dramatically reduce your AD attack surface today.
PowerHuntShares is an audit script designed to inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerHuntShares is a PowerShell tool designed to help cybersecurity teams and penetration testers better identify, understand, attack, and remediate SMB shares in the Active Directory environments they protect.
Get Active Directory Security at 80% in 20% of the time.
PingCastle is an Active Directory vulnerability and misconfiguration scanner.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
Web interface to change and reset password in an LDAP directory. Self Service Password is a PHP application that allows users to change their password in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.
LDAP Tool Box project
Because even LDAP administrators need help
FusionDirectory is only a web interface in front of a directory using the LDAP v3 protocol. Thanks to this, the user only sees the information stored inside the directory, not the containers, attribute names or other technical details that could complicate information and configuration management.
Resara Server Community Edition is an open source Linux domain controller and file server solution based on Samba4. It is incredibly easy to use and requires no Linux expertise to set up or maintain. Please download and try for yourself! Get involved!
Centrify Express is a comprehensive suite of free Active Directory-based integration solutions for authentication, single sign-on, remote access, file-sharing, monitoring and cloud security for cross-platform systems. It is the quickest and most proven solution for integrating UNIX, Linux and Mac systems with Windows, and delivers more functionality and more to upgrade to when compared to other free offerings.