Windows

linWinPwnopen in new window
- Good reference point for helpful options for script-based tools running off of Linux
CrackMapExecopen in new window
- A little bit of everything (anything that can be ripped?), but geared towards AD
- Docs: https://mpgn.gitbook.io/crackmapexec/
mfasweepopen in new window
- Attempts to log in to various Microsoft services using a provided set of credentials + identify if MFA is enabled
smbmapopen in new window
- Windows/Samba enum from a Linux host
Snaffleropen in new window
- Search for juicy files in SMB shares
enum4linuxopen in new window
- Enumerate data from Windows and Samba hosts
enum4linux-ngopen in new window
- Rewrite of enum4linux in Python that can output YAML or JSON
Standard-ish Linux utilities:
- smbclientopen in new window
  - FTP-like Lan Manager client program
- rpcclientopen in new window
  - Tool for executing client side MS-RPC functions
- nmblookupopen in new window
  - NetBIOS over TCP/IP client used to lookup NetBIOS names
rdpscanopen in new window
- Scan for "BlueKeep" vuln (CVE-2019-0708)
- Analysis by Zero Day Initiative: hereopen in new window
- Do note that exploitation is very finicky and can lead to BSOD if performed incorrectly. Use any exploits with caution.
PowerHuntSharesopen in new window
- Look for SMB shares with excessive privileges

# Windows