PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Trying to tame the three-headed dog.

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

PingCastle - Get Active Directory Security at 80% in 20% of the time

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

Run PowerShell with rundll32. Bypass software restrictions.

SharpSploit is a .NET post-exploitation library written in C#

Directory Services Internals (DSInternals) PowerShell Module and Framework

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

PowerShell Runspace Post Exploitation Toolkit

PowerForensics provides an all in one platform for live disk forensic analysis

SharpUp is a C# port of various PowerUp functionality.

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…

RunasCs - Csharp and open version of windows builtin runas.exe

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.

SharpWMI is a C# implementation of various WMI functionality.

SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.

Cobalt Strike Shellcode Generator

Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched

Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Detect and respond to Cobalt Strike beacons using ETW.

Bypass for PowerShell Constrained Language Mode

Use SE_BACKUP_NAME/SeBackupPrivilege to access objects you shouldn't have access to

DEPRECATED SharpRoast is a C# port of various PowerView's Kerberoasting functionality.

Prefetch Explorer Command Line