30 open-source projects similar to ghostpack/certify, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Certify alternative.
Rubeus is a comprehensive Kerberos attack toolkit for Active Directory environments, written in C#. It provides a full suite of operations for manipulating Kerberos tickets, exploiting delegation configurations, and performing credential attacks against Windows domains. The toolkit enables ticket extraction from logon sessions and memory, with real-time monitoring via Event Tracing for Windows. It supports forging golden and silver tickets with arbitrary privileges, as well as the creation of forged delegation contexts. Delegation attacks include abuse of constrained and unconstrained delegat
CrackMapExec is a network penetration testing framework and automated security scanner designed to assess security postures across large IP ranges. It functions as a multi-protocol security scanner and network protocol auditor used to identify vulnerabilities and misconfigurations. The tool provides capabilities for Active Directory auditing to enumerate users and permissions, as well as post-exploitation enumeration to gather system metadata and discover lateral movement paths. It includes a framework for credential spraying and harvesting across various network services. The system utilize
SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS).
Repo for ADACLScan.ps1 - Your number one script for ACL's in Active Directory
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for
This project is an offensive security toolkit and development framework for creating memory-safe malware, network scanners, and payload generators. It provides a structured approach to developing exploits, shellcode, and remote access tools. The framework distinguishes itself through the use of no-standard-library environments to generate minimal standalone machine code and shellcode. It also supports the compilation of high-performance logic into WebAssembly for the creation of deceptive web interfaces used in social engineering. Capability areas cover automated vulnerability discovery via
This project is a curated collection of frameworks, libraries, and toolsets designed for social engineering and public data gathering. It aggregates specialized software and educational materials used to perform human-centric attacks during professional security engagements. The directory provides resources for gathering and visualizing open source intelligence to identify sensitive information leaks. It also includes a collection of methods and software for executing phishing campaigns to harvest credentials and session cookies. The repository further covers educational materials focused on
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
Commando VM is a Windows-based penetration testing distribution and offensive security virtual machine. It serves as a toolset manager for deploying and maintaining a curated collection of security tools, scripts, and configurations designed for security auditing, red teaming, and adversary simulation. The project automates the provisioning of a specialized workstation by using PowerShell scripts and a modular repository to orchestrate the installation of offensive security software. It utilizes a community-driven package manager to handle dependency resolution and binary installations, ensur
GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata. The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Tools for fingerprinting and exploiting Amazon cloud infrastructures
Enumerate the permissions associated with AWS credential set
Stormspotter creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.
credential dump using forshaw technique using SeTrustedCredmanAccessPrivilege
1Remote is a portable remote desktop client that manages and launches remote sessions across multiple protocols from a single unified interface. It organizes servers using a flexible tagging system and stores all configuration in structured JSON files for easy backup and transfer between machines. The application supports launching RDP, SSH, VNC, Telnet, and other remote connections, and allows users to replace default protocol handlers with custom external programs that accept command-line arguments. It includes a bulk server editor for applying uniform changes to addresses, credentials, or