| 3proxy-win32 |
0.8.13 |
Tiny free proxy server. |
|
| adape-script |
43.4d0b9ff |
Active Directory Assessment and Privilege Escalation Script. |
|
| adpeas |
1.3.0.r14.gbda3e0c |
winPEAS, but for Active Directory. |
|
| agafi |
1.1 |
A gadget finder and a ROP-Chainer tool for x86 platforms. |
|
| analyzepesig |
0.0.0.5 |
Analyze digital signature of PE file. |
|
| antiransom |
5 |
A tool capable of detecting and stopping ransomware attacks using honeypots. |
|
| atstaketools |
0.1 |
This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. |
|
| backorifice |
1.0 |
A remote administration system which allows a user to control a computer across a TCP/IP connection using a simple console or GUI application. |
|
| breads |
131.2d97bcc |
BREaking Active Directory Security; focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. |
|
| browselist |
1.4 |
Retrieves the browse list; the output list contains computer names and the roles they play in the network. |
|
| brute12 |
1 |
A tool designed for auditing the cryptography container security in PKCS12 format. |
|
| brutus |
2 |
One of the fastest, most flexible remote password crackers you can get your hands on. |
|
| cachedump |
1.1 |
A tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). |
|
| certi |
6.6cfa656 |
Active Directory Certificate Services (ADCS) abuser. Impacket copy of Certify. |
|
| certipy |
5.0.3.r14.ga80fe7c |
Active Directory Certificate Services enumeration and abuse. |
|
| chrome-decode |
0.1 |
Chrome web browser decoder tool that demonstrates recovering passwords. |
|
| chromensics |
1.0 |
A Google chrome forensics tool. |
|
| conpass |
0.1.1 |
Password spraying in an AD environment while avoiding account locking. |
|
| crackmapexec-pingcastle |
9.16340d2 |
NetExec & CrackMapExec module that executes PingCastle on a remote machine. |
|
| dark-dork-searcher |
1.0 |
Dark-Dork Searcher. |
|
| darkarmour |
4.f10228a |
Store and execute an encrypted Windows binary from inside memory, without a single bit touching disk. |
|
| de4dot |
2090.b7d5728 |
.NET deobfuscator and unpacker. |
|
| de4dotex |
3.2.3.r0.g3355328 |
.NET deobfuscator and unpacker. |
|
| directorytraversalscan |
1.0.1.0 |
Detect directory traversal vulnerabilities in HTTP servers and web applications. |
|
| dnspy |
6.1.8 |
.NET debugger and assembly editor. |
|
| donpapi |
V1.2.0.r40.g61db37a |
Dumping relevant information on compromised targets without AV detection with DPAPI. |
|
| dotpeek |
2021.3.3 |
Free .NET Decompiler and Assembly Browser. |
|
| dumpacl |
0.1 |
Dumps NT's ACLs and audit settings. |
|
| dumpusers |
1.0 |
Dumps account names and information even though RestrictAnonymous has been set to 1. |
|
| eraser |
6.2.0.2992 |
Windows tool which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. |
|
| etherchange |
1.1 |
Can change the Ethernet address of the network adapters in Windows. |
|
| etherflood |
1.1 |
Floods a switched network with Ethernet frames with random hardware addresses. |
|
| extractbitlockerkeys |
1.2.r19.g524c128 |
Script to automatically extract the bitlocker recovery keys from a domain. |
|
| filefuzz |
1.0 |
A binary file fuzzer for Windows with several options. |
|
| finduncommonshares |
3.2.r10.g665eb4c |
Python script allowing to quickly find uncommon shares in vast Windows Domains. |
|
| fport |
2.0 |
Identify unknown open ports and their associated applications. |
|
| fred |
0.1.1 |
Cross-platform M$ registry hive editor. |
|
| fuzztalk |
1.0.0.0 |
An XML driven fuzz testing framework that emphasizes easy extensibility and reusability. |
|
| gene |
78.faf8cc0 |
Signature Engine for Windows Event Logs. |
|
| ghostpack |
123.20a5f0a |
Compiled Binaries for Ghostpack (.NET v4.8.1). |
|
| gplist |
1.0 |
Lists information about the applied Group Policies. |
|
| gpowned |
19.a85bcf6 |
GPOs manipulation tool. |
|
| grabitall |
1.1 |
Performs traffic redirection by sending spoofed ARP replies. |
|
| gsd |
1.1 |
Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. |
|
| gtalk-decode |
0.1 |
Google Talk decoder tool that demonstrates recovering passwords from accounts. |
|
| handle |
0.1 |
A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every object found, such as tokens, semaphores, ports, files, etc. |
|
| hekatomb |
107.bdd53cf |
Extract and decrypt all credentials from all domain computers using DPAPI. |
|
| hollows-hunter |
0.4.1.1 |
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). |
|
| hookanalyser |
3.4 |
A hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. |
|
| httpbog |
1.0.0.0 |
A slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data, Bog consumes sockets by slowly reading responses. |
|
| httprecon |
7.3 |
Tool for web server fingerprinting, also known as http fingerprinting. |
|
| httprint-win32 |
301 |
A web server fingerprinting tool (Windows binaries). |
|
| hyperion-crypter |
2.3.1 |
A runtime encrypter for 32-bit and 64-bit portable executables. |
|
| ikeprobe |
0.1 |
Determine vulnerabilities in the PSK implementation of the VPN server. |
|
| intercepter-ng |
1.0 |
A next generation sniffer including a lot of features: capturing passwords/hashes, sniffing chat messages, performing man-in-the-middle attacks, etc. |
|
| inzider |
1.2 |
This is a tool that lists processes in your Windows system and the ports each one listens on. |
|
| juicy-potato |
53.744d321 |
A sugared version of RottenPotatoNG, with a bit of juice. |
|
| justdecompile |
22018 |
The decompilation engine of JustDecompile. |
|
| kekeo |
2.2.0_20211214 |
A little toolbox to play with Microsoft Kerberos in C. |
|
| kerbcrack |
1.3d3 |
Kerberos sniffer and cracker for Windows. |
|
| klogger |
1.0 |
A keystroke logger for the NT-series of Windows. |
|
| ldapmonitor |
1.4.r12.g498e048 |
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! |
|
| lethalhta |
2.5602402 |
Lateral Movement technique using DCOM and HTA. |
|
| lolbas |
192.d148d27 |
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts). |
|
| malwareanalyser |
3.3 |
A freeware tool to perform static and dynamic analysis on malware. |
|
| mbenum |
1.5.0 |
Queries the master browser for whatever information it has registered. |
|
| memimager |
1.0 |
Performs a memory dump using NtSystemDebugControl. |
|
| mimikatz |
2.2.0_20220919 |
A little tool to play with Windows security. |
|
| mingsweeper |
1.00 |
A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. |
|
| modifycerttemplate |
7.4c35708 |
Aid operators in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation. |
|
| mrkaplan |
1.1.1 |
Help red teamers to stay hidden by clearing evidence of execution. |
|
| mssqlrelay |
11.bd764b9 |
Microsoft SQL Relay is an offensive tool for auditing and abusing Microsoft SQL (MSSQL) services. |
|
| msvpwn |
65.328921b |
Bypass Windows' authentication via binary patching. |
|
| nbname |
1.0 |
Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! |
|
| nbtenum |
3.3 |
A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. |
|
| netbus |
1.6 |
NetBus remote administration tool. |
|
| netexec-pingcastle |
9.16340d2 |
NetExec & CrackMapExec module that executes PingCastle on a remote machine. |
|
| netripper |
84.c763bd0 |
Smart traffic sniffing for penetration testers. |
|
| netstumbler |
0.4.0 |
Well-known wireless AP scanner and sniffer. |
|
| nirsoft |
1.23.30 |
Unique collection of small and useful freeware utilities. |
|
| nishang |
0.7.6 |
Using PowerShell for Penetration Testing. |
|
| ntds-decode |
0.1 |
This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database. |
|
| orakelcrackert |
1.00 |
This tool can crack passwords which are encrypted using Oracle's latest SHA1 based password protection algorithm. |
|
| osslsigncode |
699.c23f92c |
A small tool that implements part of the functionality of the Microsoft tool signtool.exe. |
|
| pafish |
193.b497899 |
A demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. |
|
| pe-bear |
0.7.1 |
A freeware reversing tool for PE files. |
|
| pe-sieve |
0.4.1.1 |
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). |
|
| periscope |
3.2 |
A PE file inspection tool. |
|
| petools |
1.9.762 |
Portable executable (PE) manipulation toolkit. |
|
| pextractor |
0.18b |
A forensics tool that can extract all files from an executable file created by a joiner or similar. |
|
| php-vulnerability-hunter |
1.4.0.20 |
A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. |
|
| pingcastle |
3.4.1.38 |
Active Directory scanning tool. |
|
| pmap |
1.10 |
Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). |
|
| pmdump |
1.2 |
A tool that lets you dump the memory contents of a process to a file without stopping the process. |
|
| powercloud |
21.0928303 |
Deliver PowerShell payloads via DNS TXT via CloudFlare using PowerShell. |
|
| powerlessshell |
115.2a87166 |
Run PowerShell command without invoking powershell.exe. |
|
| powerops |
32.13fe55b |
PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier". |
|
| powershdll |
72.62cfa17 |
Run PowerShell with rundll32. Bypass software restrictions. |
|
| ppee |
1.12 |
A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details. |
|
| pre2k |
24.ff51b3b |
Query for existence of pre-Windows 2000 computer objects which can be leveraged to gain a foothold in a target domain. |
|
| promiscdetect |
1.0 |
Checks if your network adapter(s) is running in promiscuous mode, which may be a sign that you have a sniffer running on your computer. |
|
| pstoreview |
1.0 |
Lists the contents of the Protected Storage. |
|
| pwdump |
7.1 |
Extracts the binary SAM and SYSTEM file from the filesystem and then the hashes. |
|
| pygpoabuse |
34.107c348 |
RCE via GPO scheduled tasks. |
|
| python2-minidump |
19.749e6da |
Python library to parse and read Microsoft minidump file format. |
|
| python2-minikerberos |
17.e7e8d0a |
Kerberos manipulation library in pure Python. |
|
| radiography |
2 |
A forensic tool which grabs as much information as possible from a Windows system. |
|
| rasenum |
1.0 |
A small program which lists the information for all of the entries in any phonebook file (.pbk). |
|
| regreport |
1.6 |
Windows registry forensic analysis tool. |
|
| regview |
1.3 |
Open raw Windows NT 5 Registry files (Windows 2000 or higher). |
|
| resourcehacker |
5.1.8 |
Resource compiler and decompiler for Windows® applications. |
|
| roadlib |
433.128627b |
Azure AD and O365 exploration framework. |
|
| roadoidc |
433.128627b |
Azure AD and O365 exploration framework. |
|
| roadrecon |
433.128627b |
Azure AD and O365 exploration framework. |
|
| roadtx |
433.128627b |
Azure AD and O365 exploration framework. |
|
| rpak |
1.0 |
A collection of tools that can be useful for doing attacks on routing protocols. |
|
| rpcsniffer |
7.9fab095 |
Sniffs Windows RPC messages in a given RPC server process. |
|
| rpctools |
1.0 |
Contains three separate tools for obtaining information from a system that is running RPC services. |
|
| sccmhunter |
v1.1.10.r3.gaa9fa44 |
Identifying, profiling, and attacking SCCM related assets in an Active Directory domain. |
|
| setowner |
1.1 |
Allows you to set file ownership to any account, as long as you have the "Restore files and directories" user right. |
|
| shad0w |
387.d35b9dc |
A modular C2 framework designed to successfully operate on mature environments. |
|
| shed |
2.0.0 |
.NET runtime inspector. |
|
| sigspotter |
1.0 |
A tool that searches your hard drive to find which publishers have signed binaries on your PC. |
|
| sipscan |
0.1 |
A sip scanner. |
|
| skype-dump |
0.1 |
This is a tool that demonstrates dumping MD5 password hashes from the configuration file in Skype. |
|
| smbrelay |
3 |
SMB / HTTP to SMB replay attack toolkit. |
|
| snitch |
1.2 |
Turn back the asterisks in password fields to plaintext passwords. |
|
| snowman |
0.1.3 |
A native code to C/C++ decompiler, see the examples of generated code. |
|
| snscan |
1.05 |
A Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. |
|
| spade |
114 |
A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. |
|
| sqldict |
2.1 |
A dictionary attack tool for SQL Server. |
|
| sqlping |
4 |
SQL Server scanning tool that also checks for weak passwords using wordlists. |
|
| sqlpowerinjector |
1.2 |
Application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. |
|
| streamfinder |
1.2 |
Searches for Alternate Data Streams (ADS). |
|
| sub7 |
2.2 |
A remote administration tool. No further comments ;-) |
|
| superscan |
4.1 |
Powerful TCP port scanner, pinger, resolver. |
|
| sysinternals-suite |
6.4 |
Sysinternals tools suite. |
|
| targetedkerberoast |
27.ebed079 |
Kerberoast with ACL abuse capabilities. |
|
| uacme |
295.43d1b12 |
Defeating Windows User Account Control. |
|
| unsecure |
1.2 |
Bruteforces network login masks. |
|
| upnp-pentest-toolkit |
1.1 |
UPnP Pentest Toolkit for Windows. |
|
| wce |
1.41beta |
A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). |
|
| wifichannelmonitor |
1.70 |
A utility for Windows that captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver. |
|
| windivert |
2.2.0 |
A user-mode packet capture-and-divert package for Windows. |
|
| windows-binaries |
20.7d272da |
A collection of pentesting Windows binaries. |
|
| windows-privesc-check |
181.9f304fd |
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems. |
|
| windowsspyblocker |
4.38.0 |
Block spying and tracking on Windows. |
|
| winfo |
2.0 |
Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. |
|
| winhex |
20.4 |
Hex Editor and Disk Editor. |
|
| winpwn |
411.cba1769 |
Automation for internal Windows penetration testing / AD security. |
|
| winrelay |
2.0 |
A TCP/UDP forwarder/redirector that works with both IPv4 and IPv6. |
|
| wpsweep |
1.0 |
A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. |
|
| wups |
1.4 |
A UDP port scanner for Windows. |
|
| x-scan |
3.3 |
A general network vulnerability scanner that scans a specific IP address range or a stand-alone computer using multiple threads; plug-ins are supported. |
|
| x64dbg |
2025.07.04 |
An open-source x64/x32 debugger for Windows. |
|