#windows
39 posts
AccessChk: Sysinternals tool to check permissions on files, services, and registry keys for privilege escalation
BloodHound: Active Directory relationship mapping and attack path visualization tool
Certipy: Active Directory Certificate Services enumeration and exploitation tool
CrackMapExec: Swiss army knife for pentesting Windows/Active Directory environments
EfsPotato: Windows privilege escalation tool exploiting the EFS service for token impersonation
Enum4linux: Linux tool for enumerating Windows/Samba shares, users, and groups via SMB
Evil-WinRM: Windows Remote Management shell for penetration testing with pass-the-hash support
impacket-GetNPUsers: AS-REP Roasting tool to extract hashes for accounts with Kerberos pre-authentication disabled
impacket-GetUserSPNs: Kerberoasting tool to request and extract service ticket hashes for offline cracking
impacket-lookupsid: SID brute-forcing tool to enumerate domain users and groups via RPC
impacket-mssqlclient: MSSQL client for interacting with Microsoft SQL servers using Windows authentication
impacket-psexec: Remote command execution tool using SMB/RPC for lateral movement in Windows environments
impacket-secretsdump: Extracts credentials and secrets from Windows systems, including SAM, LSA, and NTDS.dit
impacket-smbserver: Sets up a quick SMB server for file transfers during penetration testing
impacket-wmiexec: Remote command execution using WMI for stealthy lateral movement without writing to disk
InviShell: Bypasses PowerShell security features like logging and AMSI for stealthy script execution
JuicyPotato: Windows privilege escalation tool exploiting SeImpersonatePrivilege via COM server abuse
Kerbrute: Kerberos brute-forcing tool for AD username enumeration and password spraying
Mimikatz: Windows credential extraction tool for dumping passwords, hashes, and Kerberos tickets
nbtscan: NetBIOS name scanner for discovering Windows hosts and their NetBIOS information
net rpc: Samba utility for managing Windows remote resources, including password changes and group membership
Netsh: Windows network configuration tool used for port forwarding and firewall management
Plink: PuTTY command-line SSH client for port forwarding and tunneling from Windows
Powercat: PowerShell implementation of netcat for reverse shells and file transfers
PowerUp: PowerShell privilege escalation tool that checks for common Windows misconfigurations
PowerUpSQL: PowerShell toolkit for attacking SQL Server instances in Active Directory environments
PowerView: PowerShell tool for Active Directory enumeration and domain reconnaissance
PrintSpoofer: Windows privilege escalation tool exploiting SeImpersonatePrivilege via the print spooler
rdesktop: Open-source RDP client for connecting to Windows Remote Desktop services from Linux
Responder: LLMNR/NBT-NS/mDNS poisoner for capturing NTLMv2 hashes on the network
rpcclient: Samba RPC client for enumerating users, groups, and shares on Windows systems
Rubeus: C# Kerberos abuse toolkit for AS-REP roasting, Kerberoasting, and ticket manipulation
SharpHound: BloodHound data collector that gathers Active Directory relationship data
Shellter: Dynamic shellcode injection tool for AV evasion by injecting payloads into legitimate PE files
smbclient: SMB client for accessing and interacting with Windows file shares from Linux
SMBMap: SMB share enumeration tool for listing shares, permissions, and accessing files
Windows Exploit Suggester: Identifies potential privilege escalation vulnerabilities based on Windows systeminfo output
WinPEAS: Windows Privilege Escalation Awesome Script for automated enumeration of escalation vectors
xfreerdp: FreeRDP client for connecting to Windows Remote Desktop with pass-the-hash support