Leo4j

Amnesiac

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Invoke-ADEnum

Automate Active Directory Enumeration

Invoke-SessionHunter

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

Invoke-SMBRemoting

Interactive Shell and Command Execution over Named-Pipes (SMB)

Find-LocalAdminAccess

Check the Domain for Local Admin Access

JRecon

A tool to automate Active Directory Enumeration

Invoke-WMIRemoting

Command Execution or Pseudo-Shell over WMI

Token-Impersonation

Make or Steal a Token

CheckSMBSigning

Checks for SMB signing disabled on all hosts in the network

Tools

Invoke-RunAsSystem

A simple script to elevate current session to SYSTEM (needs to be run as Administrator)

Invoke-s4u2self

A tool that abuses s4u2self to gain access to remote hosts

Invoke-ShadowHunter

Automate accounts takeover by abusing GenericWrite/GenericAll rights to add Shadow Credentials

JMove

Lateral Movement within Windows environments

PassSpray

Domain Password Spray

Invoke-GrabTheHash

Get the NTLM Hash for the User or Machine Account TGT held in your current session

Invoke-ShareHunter

Enumerate the Domain for Readable and Writable Shares

JBreach

CheckWebDAVStatus

Checks for WebDAV Service Status Enabled on all hosts in the network

PsMapExec

A PowerShell tool that takes strong inspiration from CrackMapExec.

TGT_Monitor

Monitor for TGTs

Validate-Credentials

Validate Domain Credentials

File-Server

A simple TCP file server

Ask4Creds

Prompt User for credentials