Tools of The Trade
List of Tools Used in AD Penetration Testing
[PowerView](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1) / [SharpView](https://github.com/dmchell/SharpView)
[BloodHound](https://github.com/BloodHoundAD/BloodHound)
[SharpHound](https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors)
[BloodHound.py](https://github.com/fox-it/BloodHound.py)
[Kerbrute](https://github.com/ropnop/kerbrute)
[Impacket toolkit](https://github.com/SecureAuthCorp/impacket)
[Responder](https://github.com/lgandx/Responder)
[Inveigh.ps1](https://github.com/Kevin-Robertson/Inveigh/blob/master/Inveigh.ps1)
[C# Inveigh (InveighZero)](https://github.com/Kevin-Robertson/Inveigh/tree/master/Inveigh)
[rpcclient](https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html)
[CrackMapExec (CME)](https://github.com/byt3bl33d3r/CrackMapExec)
[Rubeus](https://github.com/GhostPack/Rubeus)
[GetUserSPNs.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetUserSPNs.py)
[Hashcat](https://hashcat.net/hashcat/)
[enum4linux](https://github.com/CiscoCXSecurity/enum4linux)
[enum4linux-ng](https://github.com/cddmp/enum4linux-ng)
[ldapsearch](https://linux.die.net/man/1/ldapsearch)
[windapsearch](https://github.com/ropnop/windapsearch)
[DomainPasswordSpray.ps1](https://github.com/dafthack/DomainPasswordSpray)
[LAPSToolkit](https://github.com/leoloobeek/LAPSToolkit)
[smbmap](https://github.com/ShawnDEvans/smbmap)
[psexec.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/psexec.py)
[wmiexec.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/wmiexec.py)
[Snaffler](https://github.com/SnaffCon/Snaffler)
[smbserver.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/smbserver.py)
[setspn.exe](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731241(v=ws.11))
[Mimikatz](https://github.com/ParrotSec/mimikatz)
[secretsdump.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py)
[evil-winrm](https://github.com/Hackplayers/evil-winrm)
[mssqlclient.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/mssqlclient.py)
[noPac.py](https://github.com/Ridter/noPac)
[rpcdump.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/rpcdump.py)
[PrintNightmare CVE-2021-1675.py](https://github.com/cube0x0/CVE-2021-1675/blob/main/CVE-2021-1675.py)
[ntlmrelayx.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/ntlmrelayx.py)
[PetitPotam.py](https://github.com/topotam/PetitPotam)
[gettgtpkinit.py](https://github.com/dirkjanm/PKINITtools/blob/master/gettgtpkinit.py)
[getnthash.py](https://github.com/dirkjanm/PKINITtools/blob/master/getnthash.py)
[adidnsdump](https://github.com/dirkjanm/adidnsdump)
[gpp-decrypt](https://github.com/t0thkr1s/gpp-decrypt)
[GetNPUsers.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetNPUsers.py)
[lookupsid.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/lookupsid.py)
[ticketer.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/ticketer.py)
[raiseChild.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/raiseChild.py)
[Active Directory Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer)
[PingCastle](https://www.pingcastle.com/documentation/)
[Group3r](https://github.com/Group3r/Group3r)
[ADRecon](https://github.com/adrecon/ADRecon)