Internal Pentest Tools
A comprehensive list of tools used for Active Directory attacks, lateral movement, and privilege escalation.
Impacket
Exploitation
A collection of Python classes for working with network protocols. Essential for AD attacks (secretsdump, psexec, wmiexec).
Installation
pip install impacket

BloodHound
Reconnaissance
Uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
Installation
# Download from GitHub

CrackMapExec
Post-Exploitation
A Swiss army knife for pentesting networks. Enumerates logged-on users, spiders SMB shares, executes psexec, and more.
Installation
pip install crackmapexec

Responder
Man-in-the-Middle
An LLMNR, NBT-NS and MDNS poisoner. It answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix.
Installation
git clone https://github.com/lgandx/Responder

Mimikatz
Credential Dumping
A tool to extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory.
Installation
# Download binary (Windows)

Rubeus
Exploitation
C# toolset for raw Kerberos interaction and abuses.
Installation
# Compile from source

PowerView
Enumeration
PowerShell tool to gain network situational awareness on Windows domains.
Installation
Import-Module PowerView.ps1

Evil-WinRM
Remote Access
The ultimate WinRM shell for hacking/pentesting. Great for persistent shell access.
Installation
gem install evil-winrm

Ligolo-ng
Pivoting
An advanced, simple, and lightweight tunneling/pivoting tool that uses a TUN interface.
Installation
# Download release

Certipy
Exploitation
Tool for Active Directory Certificate Services (ADCS) enumeration and abuse.
Installation
pip install certipy-ad