The list below contains known tools that have been tested.
If you find a new tool, add it to the newTools.md file.
If there is a major change to a tool in this list, document it in majorChanges.md.
https://lolbas-project.github.io/#
List of Windows binaries, scripts and libraries usable for execution, AWL (application whitelisting) bypass, downloading and dumping
Signed by or shipped with Microsoft, so they should be present on all Windows systems
GTFOBins is a curated list of Unix binaries that can be used to
bypass local security restrictions in misconfigured systems.
LOLBAS but for file types. Good for finding means of execution or compression.
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
List of tools and methods for AD takeover
Includes some Windows privilege escalation material
https://github.com/swisskyrepo/PayloadsAllTheThings
Large collection of web application payloads, tools and methods
https://github.com/byt3bl33d3r/CrackMapExec
SMB or RDP (non-interactive) code execution
Has tons of modules (https://github.com/byt3bl33d3r/CrackMapExec/tree/master/cme/modules)
Can authenticate with a password or an NTLM hash
RunFinger.py can be used to quickly check for SMBv1 and SMB signing
Can be used to dump ntds.dit from a DC
https://github.com/BloodHoundAD/BloodHound
Collectors map AD environments with standard user access
Graphically navigate AD
Discover AD misconfigurations
https://github.com/hausec/Bloodhound-Custom-Queries
Adds extra useful queries to BloodHound
https://github.com/FortyNorthSecurity/EyeWitness
Takes screenshots of websites