Lateral Movement
========================================

Domain
----------------------------------------

- `adidnsdump `_ Active Directory Integrated DNS dump tool
- `BloodHound `_ Six Degrees of Domain Admin
- `PlumHound `_ Bloodhound for Blue and Purple Teams
- `windapsearch `_ Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- `ldapdomaindump `_ Active Directory information dumper via LDAP
- `Kerberoast `_ a series of tools for attacking MS Kerberos implementations
- `ADRecon `_ Active Directory Recon
- `Creds `_ Some useful scripts and executables for pentest & forensics
- `Lithnet Password Protection for Active Directory `_ Active Directory password filter featuring breached password checking and custom complexity rules
- `ASREPRoast `_ Project that retrieves crackable hashes from KRB5 AS-REP responses for users without Kerberos preauthentication enabled.

LDAP
----------------------------------------

- `SharpHound3 `_ Data Collector for the BloodHound Project

Containers
----------------------------------------

- `CDK `_ an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency

Exploitation of Microsoft Products
----------------------------------------

- `LyncSniper `_ A tool for penetration testing Skype for Business and Lync deployments
- `MSOLSpray `_ A password spraying tool for Microsoft Online accounts (Azure/O365)
- `MailSniper `_ MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms

Azure AD
----------------------------------------

- `ROADtools `_ Azure AD exploration framework

Exchange
----------------------------------------

- `ruler `_ A tool to abuse Exchange services
- `MailSniper `_
- `PrivExchange `_ Exchange your privileges for Domain Admin privs by abusing Exchange

PowerShell
----------------------------------------

- `PowerShellMafia `_

Internal Network Information Gathering
----------------------------------------

- `nbtscan `_ NetBIOS scanning tool
- `SharpShares `_ Quick and dirty binary to list network share information from all machines in the current domain and whether they're readable
- `WinShareEnum `_ Windows Share Enumerator
- `HackBrowserData `_ Cross-platform browser data export tool

Kerberos
----------------------------------------

- `Rubeus `_
- `kerbrute `_ A tool to perform Kerberos pre-auth bruteforcing
- `kerberoast `_ A series of tools for attacking MS Kerberos implementations

Automated Auditing
----------------------------------------

- `Infection Monkey `_ Data center Security Testing Tool

Evasion
----------------------------------------

- `SysWhispers `_ AV/EDR evasion via direct system calls
- `SysWhispers2 `_ AV/EDR evasion via direct system calls
- `Dumpert `_ LSASS memory dumper using direct system calls and API unhooking

Internal Network Scanning
----------------------------------------

- `InScan `_ Automated penetration tool for use after gaining a foothold on the perimeter
- `fscan `_ An all-in-one internal network scanning tool for convenient one-click, automated, comprehensive vulnerability scanning.