A curated toolkit of utilities, executables, PowerShell scripts, DLLs, and reference notes gathered to support Active Directory research, red teaming lab work, and defensive testing in isolated environments.
This repository contains offensive security tools and potentially dangerous binaries. Use only in environments you own or where you have explicit written authorization. Do not run these tools on production systems, customer networks, or any environment where you lack permission. Follow all applicable laws, organizational policies, and responsible disclosure practices.
Run everything in a safe, isolated lab (e.g., air-gapped VMs, snapshots you can revert) and verify file integrity (hashes, vendor/source) before execution.
- dlls/
- libeay32.dll
- PowerShdll_x64.dll
- PowerShdll_x86.dll
- SeBackupPrivilegeCmdLets.dll
- SeBackupPrivilegeUtils.dll
- ssleay32.dll
- EXE/
- BetterSafetyKatz.exe
- bypass-clm.exe
- DefenderSwitch.exe
- Farmer.exe
- Fertiliser.exe
- GoldenGMSA.exe
- HarvestCrop.exe
- Hello.exe
- Hello_Bypass.exe
- hfs.exe
- LaZagne.exe
- Loader.exe
- MDE_Enum.exe
- mimidrv.sys
- mimikatz.exe
- mimilib.dll
- MS-RPRN.exe
- nc64.exe
- NimExec.exe
- Power_Bypass.exe
- RawCopy.exe
- RawCopy64.exe
- Rubeus.exe
- SafetyKatz.exe
- SandboxDefender.exe
- sessionresume_eqkwLQWs
- sqlcmd.exe
- SQLRecon.exe
- Sysmon.exe
- Sysmon64.exe
- Transcription_Bypass.exe
- Watson.exe
- Whisker.exe
- PowerShell/
- ADACLScan.ps1
- adconnect.ps1
- ASREPRoast.ps1
- CIPolicyParser.ps1
- defender.ps1
- DomainPasswordSpray.ps1
- EnableAllTokenPrivs.ps1
- Envrandomizer.ps1
- ExpandDefenderSig.ps1
- Find-PSRemotingLocalAdminAccess.ps1
- Find-WMILocalAdminAccess.ps1
- Get-LAPSPermissions.ps1
- Get-MSSQLLinkPasswords.psm1
- Import-ActiveDirectory.ps1
- Inveigh.ps1
- Invoke-ADSDPropagation.ps1
- Invoke-DCSync.ps1
- Invoke-EDRChecker.ps1
- Invoke-Encode.ps1
- Invoke-GMSAPasswordReader.ps1
- Invoke-HoneypotBuster.ps1
- Invoke-Mimi.ps1
- Invoke-Mimikatz.ps1
- Invoke-Mimikatz_old.ps1
- Invoke-noPac.ps1
- Invoke-Phant0m.ps1
- Invoke-PowerShellTcp.ps1
- Invoke-PowerShellTcpEx.ps1
- Invoke-PowerShellTcpOneLine.ps1
- Invoke-PowerShellTcp_Old.ps1
- Invoke-SDPropagator.ps1
- Invoke-SDPropagator.ps1.1
- Invoke-SessionHunter.ps1
- Invoke-SharpDPAPI.ps1
- Invoke-SqlServer-Persist-StartupSp.psm1
- jaws-enum.ps1
- Nikhil_rev.ps1
- Old_PowerView.ps1
- powercat.ps1
- PowerGPOAbuse.ps1
- Powermad.ps1
- PowerUpSQL.ps1
- PowerUp_Old.ps1
- PowerView.ps1
- Pre2kSpray.ps1
- PrivescCheck.ps1
- PSUpload.ps1
- RACE.ps1
- ServerUntrustAccount.ps1
- SessionGopher.ps1
- Set-DCShadowPermissions.ps1
- Set-TokenPrivilege.ps1
- SharpHound.ps1
- winPEAS.ps1
- Python/
- addcomputer.py
- atexec.py
- attrib.py
- badsuccessor.py
- changepasswd.py
- dacledit.py
- dcomexec.py
- describeTicket.py
- dpapi.py
- DumpNTLMInfo.py
- esentutl.py
- exchanger.py
- fgpp.py
- filetime.py
- findDelegation.py
- Get-GPPPassword.py
- GetADComputers.py
- GetADUsers.py
- getArch.py
- GetLAPSPassword.py
- GetNPUsers.py
- getnthash.py
- getPac.py
- gets4uticket.py
- getST.py
- getTGT.py
- gettgtpkinit.py
- GetUserSPNs.py
- goldenPac.py
- httpattack.py
- karmaSMB.py
- keylistattack.py
- kintercept.py
- lookupsid.py
- machine_role.py
- mimikatz.py
- mqtt_check.py
- mssqlclient.py
- mssqlinstance.py
- net.py
- netview.py
- ntfs-read.py
- ntlmrelayx.py
- owneredit.py
- ping.py
- ping6.py
- psexec.py
- pywhisker.py
- raiseChild.py
- rbcd.py
- rdp_check.py
- reg.py
- registry-read.py
- regsecrets.py
- renameMachine.py
- rpcdump.py
- rpcmap.py
- sambaPipe.py
- samrdump.py
- secretsdump.py
- services.py
- smbclient.py
- smbexec.py
- smbserver.py
- sniff.py
- sniffer.py
- split.py
- ticketConverter.py
- ticketer.py
- tstool.py
- wmiexec.py
- wmipersist.py
- wmiquery.py
- txt/
- Amsi.txt
- sbloggingbypass.txt
- Research & learning: quick access to binaries and scripts commonly referenced in AD research and red-team demos.
- Lab work: reproduce scenarios in isolated test domains to learn detection and mitigation.
- Defensive development: defenders can use these artifacts (in a safe lab) to validate detections, telemetry, and alerting logic.
This repository is provided AS IS for research, education, and defensive testing only. The maintainers are not responsible for misuse. By using these materials you agree to comply with applicable laws and ethical guidelines. Consider adding a specific license file (e.g., MIT, or a responsible-use / prohibited-use clause) that matches your intent.