⚡ Active Directory & Kerberos
BloodHound CE
Graph-based AD attack path finder. Ingests SharpHound/AzureHound collector output into a graph database and maps privilege escalation routes through the domain.
github.com →
Rubeus
Kerberos abuse Swiss Army knife — AS-REP Roasting, Kerberoasting, Pass-the-Ticket, S4U abuse.
github.com →
Impacket
Python collection of network protocol implementations and example tools: secretsdump (including DCSync via -just-dc), psexec, wmiexec, GetNPUsers, GetUserSPNs and more.
github.com →
Certipy
AD Certificate Services (ADCS) attack framework. ESC1–ESC13 enumeration and exploitation.
github.com →
PKINITtools
Tools for Kerberos PKINIT: request a TGT with a certificate (gettgtpkinit), recover the account's NT hash via UnPAC-the-hash (getnthash), and S4U2self ticket requests. The usual follow-up once a Shadow Credentials attack has planted a key on the target account.
github.com →
PowerView
PowerShell AD recon tool. Enumerate users, groups, ACLs, GPOs, trusts and more without RSAT.
github.com →
🔍 Enumeration & Scanning
NetExec (nxc)
Network execution tool for SMB/LDAP/MSSQL/FTP/SSH/WinRM and more. Enumerate, spray, and dump credentials at scale.
github.com →
Nmap
Network mapper — port scanning, service detection, OS fingerprinting, and NSE scripting engine.
nmap.org →
Kerbrute
Fast Kerberos-based user enumeration and password spraying. Enumeration works by sending AS-REQs without pre-authentication: the KDC's error code reveals whether the name exists, and nothing touches the bad-password counter. Spraying does increment that counter, so lockout thresholds still apply; failures land in the Kerberos events 4768/4771 rather than the usual 4625 logon failure.
github.com →
Adalanche
AD attack path visualizer — alternative to BloodHound with real-time analysis and browser UI.
github.com →
💥 Exploitation
Metasploit
The world's most used penetration testing framework: exploit modules, payloads, and auxiliary and post-exploitation modules.
metasploit.com →
CrackMapExec
SMB/LDAP/MSSQL post-exploitation and lateral movement. Predecessor of NetExec, which forked it and carries development on.
github.com →
Mimikatz
Extract plaintext passwords, hashes, PINs and Kerberos tickets from Windows memory. Classic must-have.
github.com →
🏰 C2 & Post-Exploitation
Cobalt Strike
Commercial adversary simulation platform. Beacons, malleable C2 profiles, and team server for red ops.
cobaltstrike.com →
Empire
Post-exploitation framework with PowerShell, Python, and C# agents. Full C2 with stager generation.
github.com →
Havoc
Modern C2 framework with Demon agent — evasion-focused with sleep obfuscation and OPSEC features.
github.com →
🪄 Custom Spells (My Tools)