This is my reference sheet for tools and stuff I may need to look up when doing an AD pentest. If you find this interesting, feel free to browse. If you don’t, well… hi.
If you find something missing, please let me know!
- Nmap (with ALL the flags)
- Firefox (for checking out all those websites that may pop up)
- whatweb (to check out what the website is running on)
- nikto (a full-blown vuln-scan against websites)
- responder (pick up some hashes while I’m here)
- WinPEAS (who knows, might lead somewhere)
- crackmapexec (see where the same login applies)
- PHP webshells (if there’s a box that can interpret it, noice)
- PowerShell Empire (I’ve really only worked with this one so far)
- Starkiller to go with Empire
- SilentTrinity (maybe? I dunno, I keep hearing about it)