UNDER Construction
This repo is based off of https://github.com/Flangvik/SharpCollection, it similiarly completes nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion as a daily cron Github Action.
To download the tools you want select the Actions Tab, select the tool build, scroll down to artifact, download the file which will be a .zip file containing your executable.
You probably should not download and run random binariers off the internet. These tools are intented for labs, CTFs, VMs, HackTheBox, TryHackMe, and similiar non-production systems.
- Ensure artifact is uploaded for all tools
- Make sure all tools actually run
- Fix tools that don't confirm to standard build process
- Publish helper tool written to automate C# Build yaml files
- Create build action for multiple .NET versions
- Specify CPU architecture
If you fork this repo and make it private you may incur costs from total Github actions minutes exceeding free tier.
| Tools \ .NET Framework | Artifact Built |
|---|---|
| ADCollector | ✔️ |
| ADCSPwn | ✔️ |
| ADSearch | ✔️ |
| ADFSDump | ✔️ |
| AtYourService | ✔️ |
| BetterSafetyKatz | ✔️ |
| Certify | ✔️ |
| EDD | ✔️ |
| ForgeCert | ✔️ |
| DeployPrinterNightmare | ✔️ |
| Grouper2 | ❌ |
| InveighZero | ✔️ |
| LockLess | ✔️ |
| PurpleSharp | ✔️ |
| Rubeus | ✔️ |
| SafetyKatz | ✔️ |
| SauronEye | ✔️ |
| SearchOutlook | ✔️ |
| Seatbelt | ✔️ |
| Sharp-SMBExec | ✔️ |
| SharpAllowedToAct | ✔️ |
| SharpAppLocker | ✔️ |
| SharpBlock | ✔️ |
| SharpBypassUAC | ✔️ |
| SharpChisel | ✔️ |
| SharpChrome | ✔️ |
| SharpChromium | ✔️ |
| SharpCloud | ✔️ |
| SharpCOM | ✔️ |
| SharpCrashEventLog | ✔️ |
| SharpDir | ✔️ |
| SharpDoor | ❌ |
| SharpDPAPI | ✔️ |
| SharpDump | ✔️ |
| SharpEDRChecker | ✔️ |
| SharpExec | ✔️ |
| SharPersist | ❌ |
| SharpFiles | ❌ |
| SharpGPOAbuse | ✔️ |
| SharpHandler | ✔️ |
| SharpHose | ✔️ |
| SharpHound3 | ✔️ |
| SharpKatz | ✔️ |
| SharpLaps | ✔️ |
| SharpMapExec | ✔️ |
| SharpMiniDump | ✔️ |
| SharpMove | ✔️ |
| SharpPrinter | ✔️ |
| SharpNoPSExec | ✔️ |
| SharpRDP | ✔️ |
| SharpReg | ✔️ |
| SharpSecDump | ✔️ |
| SharpShares | ✔️ |
| SharpSphere | ✔️ |
| SharpSpray | ✔️ |
| SharpStay | ✔️ |
| SharpSvc | ✔️ |
| SharpSniper | ✔️ |
| SharpTask | ✔️ |
| SharpUp | ✔️ |
| SharpView | ✔️ |
| SharpWMI | ✔️ |
| SharpWebServer | ✔️ |
| SharpWifiGrabber | ✔️ |
| SharpZeroLogon | ❌ |
| Shhmon | ✔️ |
| SqlClient | ✔️ |
| StandIn | ✔️ |
| StickyNotesExtract | ✔️ |
| SweetPotato | ✔️ |
| ThunderFox | ✔️ |
| TruffleSnout | ✔️ |
| Watson | ✔️ |
| winPEAS | ✔️ |
| WMIReg | ✔️ |
@Flangvik for compiling the list of tools and the repo idea
- ADCollector - C# tool to quickly extract valuable information from the Active Directory environment @dev-2null
- ADCSPwn - C# tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service. @bats3c
- ADSearch - C# tool to help query AD via the LDAP protocol @tomcarver16 (Only NET 4.7)
- ADFSDump - A C# tool to dump all sorts of goodies from AD FS. @FireEye
- AtYourService - C# .NET Assembly for Service Enumeration @mitchmoser
- BetterSafetyKatz - Fork of SafetyKatz dynamically fetches the latest Mimikatz, runtime patching signatures and PE loads Mimikatz into memory. @Flangvik
- Certify - C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). @harmj0y @tifkin_
- EDD - Enumerate Domain Data is designed to be similar to PowerView but in .NET @FortyNorthSecurity
- ForgeCert - uses a stolen CA certificate + private key to forge certificates for arbitrary users. @tifkin_
- DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc @Flangvik
- Grouper2 - C# tool to help find security-related misconfigurations in Active Directory Group Policy. @mikeloss
- LockLess - Allows for the copying of locked files. @GhostPack
- PurpleSharp - C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. @mvelazc0
- Rubeus - C# toolset for raw Kerberos interaction and abuses. @GhostPack
- SafetyKatz - Combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader. @GhostPack
- SauronEye - C# search tool find specific files containing specific keywords (.doc, .docx, .xls, .xlsx). @_vivami
- SearchOutlook - C# tool to search through a running instance of Outlook for keywords @RedLectroid
- Seatbelt - Performs a number of security oriented host-survey "safety checks". @GhostPack
- Sharp-SMBExec - A native C# conversion of Kevin Robertsons Invoke-SMBExec powershell script @checkymander
- SharpAllowedToAct - C# implementation of a computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity) @pkb1s
- SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet with extended features @Flangvik
- SharpBlock - A method of bypassing EDR's active projection DLL's by preventing entry point exection. @CCob
- SharpBypassUAC - C# tool for UAC bypasses @rodzianko
- SharpChisel - C# Chisel Wrapper. @shantanu561993
- SharpChrome - Chrome-specific implementation of SharpDPAPI capable of cookies and logins decryption/triage. @GhostPack
- SharpChromium - C# Project to retrieve Chromium data, such as cookies, history and saved logins. @djhohnstein
- SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute. @chrismaddalena
- SharpCrashEventLog - C# port of LogServiceCrash @slyd0g @limbenjamin
- SharpCOM - C# port of Invoke-DCOM @424f424f
- SharpDir - C# tool to search both local and remote file systems for files. @jnqpblc
- SharpDoor - C# tool to allow multiple RDP (Remote Desktop) sessions by patching termsrv.dll file. @infosecn1nja
- SharpDPAPI - C# port of some Mimikatz DPAPI functionality. @GhostPack
- SharpDump - SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality. @GhostPack
- SharpEDRChecker - C# tool to check for the presence of known defensive products such as AV's, EDR's and logging tools @PwnDexter
- [SharPersist] (https://github.com/fireeye/SharPersist) - C# persistence toolkit.
- SharpExec - SharpExec is an offensive security C# tool designed to aid with lateral movement. @anthemtotheego
- SharpFiles - C# tool to search for files based on SharpShares output. @fullmetalcache
- SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO). @FSecureLABS
- SharpHandler - C# tool for stealing/duping handles to LSASS @Jean_Maes_1994
- SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments . @ustayready
- SharpHound3 - C# Rewrite of the BloodHound Ingestor. @BloodHoundAD
- SharpKatz - PURE C# port of significant MimiKatz functionality such as logonpasswords, dcsync, etc. @b4rtik
- SharpLaps - A C# tool to retrieve LAPS passwords from LDAP @pentest_swissky
- SharpMapExec - C# version of @byt3bl33d3r's tool CrackMapExec @cube0x0
- SharpMiniDump - C# tool to Create a minidump of the LSASS process from memory @b4rtik
- SharpNoPSExec - C# tool allowing file less command execution for lateral movement. @juliourena
- SharpMove - C# tool for performing lateral movement techniques @0xthirteen
- SharpPrinter - C# tool for discovering Printers on an network @424f424f
- SharpRDP - C# Remote Desktop Protocol Console Application for Authenticated Command Execution @0xthirteen
- SharpReg - C# tool to interact with the Remote Registry service api. @jnqpblc
- SharpSecDump - C# port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py @G0ldenGunSec
- SharpShares - Enumerate all network shares in the current domain. @djhohnstein
- SharpSphere - C# SharpSphere has the ability to interact with the guest operating systems of virtual machines managed by vCenter. @jkcoote & @grzryc
- SharpSpray - C# tool to perform a password spraying attack against all users of a domain using LDAP. @jnqpblc
- SharpStay - .NET project for installing Persistence. @0xthirteen
- SharpSearch - C# Project to quickly filter through a file share for targeted files for desired information. @djhohnstein
- SharpSvc - C# tool to interact with the SC Manager API. @jnqpblc (Only NET 4.7)
- SharpSniper - SharpSniper is a simple tool to find the IP address of these users so that you can target their box. @hunniccyber
- SharpTask - C# tool to interact with the Task Scheduler service api. @jnqpblc
- SharpUp - C# port of various PowerUp functionality. @GhostPack
- SharpView - C# implementation of harmj0y's PowerView. @tevora-threat
- SharpWMI - C# implementation of various WMI functionality. @GhostPack
- SharpWebServer - A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. @mariuszbit
- SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation. @r3n_hat
- SharpZeroLogon - C# port of CVE-2020-1472 , a.k.a. Zerologon. @buffaloverflow
- Shhmon - Neutering Sysmon via driver unload. @Shhmon
- SqlClient - C# .NET mssql client for accessing database data through beacon. @FortyNorthSecurity
- StandIn - C# based small AD post-compromise toolkit. @FuzzySec
- StickyNotesExtract - C# tool that extracts data from the Windows Sticky Notes database. @V1V1
- SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019 . @CCob
- ThunderFox - C# Retrieves data (contacts, emails, history, cookies and credentials) from Thunderbird and Firefox. @V1V1
- TruffleSnout - C# based iterative AD discovery toolkit for offensive operators. @dsnezhkov
- Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities . @rasta-mouse
- winPEAS - PEASS - Privilege Escalation Awesome Scripts (winPEAS). @carlospolop
- WMIReg - C# PoC to interact with local/remote registry hives through WMI. @airzero24