First public release.
passwolf is a single console command — passwolf change, passwolf reset, and passwolf policy — that implements every documented and undocumented Windows method for changing or resetting an Active Directory account password or hash over SAMR, Netlogon, LSA, Kerberos kpasswd, and LDAP, and for reading the effective password policy.
Highlights:
- The AES SAMR change (opnum 73) and AES cleartext reset info levels (UserInternal7) that impacket lacks and that a Windows Server 2025 DC requires.
- Strict change-versus-reset separation, pass-the-hash, Kerberos bind (
-k), and the LDAP path over sealed 389 without an LDAPS certificate. - Precise NTSTATUS decoding with text, JSON, and rich output formats.
Validated live against Windows Server 2022 (build 20348) and Server 2025 (build 26100).
Install: uv tool install git+https://github.com/StrongWind1/PassWolf
Docs: https://strongwind1.github.io/PassWolf/