Tools we need for AD enumeration and escalation
- PowerView/SharpView
- BloodHound :- GUI to get more details about the users and how to enumerate further
- SharpHound :- GUI to get more details about the users and how to enumerate further
- BloodHound.py :- Python version for BloodHound
- Kerbrute :- A tool written in Go that uses Kerberos Pre-Authentication to enumerate Active Directory accounts, perform password spraying, and brute-force.
- Impacket toolkit :- Tools written in Python for interacting with network protocols. The suite of tools contains various scripts for enumerating and attacking Active Directory.
- Responder :- Responder is a purpose-built tool to poison LLMNR, NBT-NS, and MDNS, with many different functions.
- Inveigh.ps1 :- PowerShell tool for performing various network spoofing and poisoning attacks.
- C# Inveigh (InveighZero) :- The C# version of Inveigh with a semi-interactive console for interacting with captured data such as username and password hashes
- rpcinfo
- rpcclient
- CrackMapExec (CME)
- Rubeus
- GetUserSPNs.py
- Hashcat
- enum4linux
- enum4linux-ng
- ldapsearch
- windapsearch
- DomainPasswordSpray.ps1
- LAPSToolkit
- smbmap
- psexec.py
- wmiexec.py
- Snaffler
- smbserver.py
- setspn.exe
- Mimikatz
- secretsdump.py
- evil-winrm
- mssqlclient.py
- noPac.py
- rpcdump.py
- CVE-2021-1675.py
- ntlmrelayx.py
- PetitPotam.py
- gettgtpkinit.py
- getnthash.py
- adidnsdump
- gpp-decrypt
- GetNPUsers.py
- lookupsid.py
- ticketer.py
- raiseChild.py
- Active Directory Explorer
- PingCastle
- Group3r
- ADRecon