10.9. Lateral movement¶

10.9.1. Domain¶

adidnsdump Active Directory Integrated DNS dump tool
BloodHound Six Degrees of Domain Admin
PlumHound Bloodhound for Blue and Purple Teams
windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
ldapdomaindump Active Directory information dumper via LDAP
Kerberoast a series of tools for attacking MS Kerberos implementations
ADRecon Active Directory Recon
Creds Some usefull Scripts and Executables for Pentest & Forensics
Lithnet Password Protection for Active Directory Active Directory password filter featuring breached password checking and custom complexity rules
ASREPRoast Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled.

CDK an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency

LyncSniper A tool for penetration testing Skype for Business and Lync deployments
MSOLSpray A password spraying tool for Microsoft Online accounts (Azure/O365)
MailSniper MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms

ruler A tool to abuse Exchange services
MailSniper
PrivExchange Exchange your privileges for Domain Admin privs by abusing Exchange

nbtscan NetBIOS scanning tool
SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they’re readable
WinShareEnum Windows Share Enumerator
HackBrowserData platform-wide browser data export tool

InScan Automated Penetration Tool After Boundary Dotting
fscan is a comprehensive intranet scanning tool, which is convenient for one-click automation and all-round missed scanning.