#windows

hoaxshell

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

Watson

Enumerate missing KBs and suggest exploits for useful privilege escalation vulnerabilities.

Donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files.

Seatbelt

Performs security oriented safety checks relevant from offensive/defensive security perspectives.

Invoke-ACLPwn

Automates the discovery and pwnage of ACLs in Active Directory that are unsafely configured.

LocalPotato

Another local Windows privilege escalation using a new potato technique.

Moriarty

Designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential.

ShuckNT

Downgrade, convert, dissect and shuck authentication tokens based on the Data Encryption Standard.

WinFiHack

Windows WiFi brute forcing utility without the requirement of external dependencies.

Quasar

Remote administration tool for Windows.

pupy

Opensource, cross-platform C2 and post-exploitation framework written in python and C.

WinPmem

The Windows memory acquisition tool.

SharPersist

Windows persistence toolkit written in C#.

Commando VM

Fully customizable Windows-based pentesting virtual machine distribution.

HEKATOMB

Connects to an LDAP directory to retrieve all computer and user information.

Certipy

Active Directory Certificate Services enumeration and abuse.

evil-winrm

The ultimate WinRM shell for hacking/pentesting.

HardeningKitty

Checks and hardens your Windows configuration.

PersistenceSniper

Hunt persistences implanted in Windows machines.

Locksmith

Detect and fix common misconfigurations in Active Directory Certificate Services.

RustHound

Active Directory data collector for BloodHound written in Rust.

spraykatz

Credential gathering tool automating remote procdump and parsing of the lsass process.

WINspect

Powershell-based Windows security auditing toolbox.

BloodHound

Six Degrees of Domain Admin.

MobSF

All-in-one mobile application pentesting, malware analysis and security assessment framework.

ctftool

Interactive CTF exploration tool.

Prenum

The perils of the pre-Windows 2000 compatible access group in a Windows domain.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

RegStrike

RegStrike is a .reg payload generator.

HTTP-revshell

PowerShell reverse shell using the HTTP/S protocol, with AMSI bypass and proxy awareness.

enum4linux-ng

A Windows/Samba enumeration tool with additional features like JSON/YAML export.

DripLoader

Evasive shellcode loader for bypassing injection detection.

Hash Muncher

Grab NetNTLMv2 hashes using ETW with administrative rights on Windows.

Invoke-ADEnum

Automate Active Directory Enumeration using PowerView.

NanoDump

A flexible tool that creates a minidump of the LSASS process.

GodPotato

Privilege escalation tool for Windows.

LDAP Password Hunter

Password hunter for Active Directory.

mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

Invoke-TmpDavFS

Memory-backed PowerShell WebDAV server.

PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

Invoke-BSOD

For when you want a computer to be done - without admin!

Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

PowerSploit

A PowerShell Post-Exploitation Framework.

WMEye

Post-exploitation tool that uses WMI event filters and MSBuild execution for lateral movement.

NTLMRecon

Enumerate information from NTLM-authentication-enabled web endpoints.

WinPwnage

UAC bypass, elevation and persistence methods.

PipeViewer

A tool that shows detailed information about named pipes in Windows.

ADRecon

Gathers information about the Active Directory and generates a report.

UserEnum

Domain user enumeration tool.

pypykatz

Mimikatz implementation in pure Python.

Responder

Responder is an LLMNR, NBT-NS and mDNS poisoner.

Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

RidRelay

Enumerate usernames on a domain where you have no creds by using SMB relay.

jackdaw

Gather gather gather.

enum4Linux

Enumerate data from Windows and Samba hosts.

ShadowSpray

Spray shadow credentials across an entire domain.

RDP Scraper

Enumerates users based on RDP screenshots.

l0phtcrack

Crack Windows passwords from hashes.

mimikatz

A little tool to play with Windows security.

Ophcrack

Windows password cracker based on rainbow tables.

Cain and Abel

Password recovery tool for Microsoft operating systems.

mssqlproxy

Perform lateral movement in restricted environments through a compromised MSSQL Server.

windows-kernel-exploits

A list of Windows kernel exploits.

WES-NG

Windows Exploit Suggester - Next Generation.

Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

WinPwn

Automation for internal Windows pentest / AD-Security.

SharpImpersonation

A user impersonation tool, via token or shellcode injection.

ADRT

Active Directory Report Tool.

SweetPotato

A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

SharpHose

Asynchronous password spraying tool for Windows environments.

windapsearch

Enumerate users, groups and computers from a Windows domain through LDAP queries.

Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

linWinPwn

Automates a number of Active Directory enumeration and vulnerability.

Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

PEASS-ng

Privilege Escalation Awesome Scripts SUITE.

Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

msldap

LDAP library for auditing Microsoft Active Directory.

ADAPE Script

Active Directory assessment and privilege escalation script.

SSH PuTTY login bruteforcer

A wrapper script that uses PuTTY to perform SSH login brute-force attacks.

SMBploit

Offensive tool to scan and exploit vulnerabilities in Windows over SMB using Metasploit.

ADReaper

Enumerate an Active Directory environment with LDAP queries.

ADenum

Find misconfigurations through LDAP to exploit weaknesses in Kerberos.