Active Directory

SharpHound

BloodHound data collector for AD attack paths.

adbloodhound

sharphound — terminal

$ SharpHound.exe -c All

What it does

SharpHound gathers Active Directory relationships — sessions, ACLs, and group membership — for analysis in BloodHound to reveal attack paths to Domain Admin. It's the collection half of BloodHound.

Source

https://github.com/BloodHoundAD/SharpHound ↗

More Active Directory tools

CrackMapExecSwiss-army knife for AD network post-exploitation.ImpacketPython toolkit of network-protocol scripts.GetNPUsers.pyAS-REP roasting via Impacket.enum4linux-ngSMB and Windows enumeration.

Need hosted scanning instead of local tooling?

Run a scan in the browser →