Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CDI fashion using Azure DevOps release pipelines.

Is your favorite tool missing? Feel free to open an issue or DM me on X @Flangvik.

Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU" configuration.

Should I blindly deploy any of these binaries during real-life engagements? F*ck no, always look through anything that you deploy on a client machine or network, e.g. with https://github.com/dnSpyEx/dnSpy. Deploying anything blindly from this repo should be reserved for lab environments, VMs, HackTheBox, detection mapping, and so forth.

Each night at 03:00 AM, the Azure DevOps pipeline checks the master branch of every repository for new commits. Branches with changes are automatically fetched and compiled with different framework targets as well as architectures, before being pushed to this repo.
The pipeline can be found here: https://dev.azure.com/FlangvikDev/SharpRelease
Legend: ✔️ = Actively built | ❌ = Not built | ⚠️ = Pipeline exists but all steps disabled

Tools marked with * have special notes — see footnotes below the table.

Some tools target specific framework versions: Certify, KrbRelay, KrbRelayUp, ShadowSpray target v4.7.2. ADCollector targets v4.6.1.

| Tools \ .NET Framework | NET 4.0 | NET 4.5 | NET 4.7 |
|---|---|---|---|
| ADCollector ¹ | ❌ | ❌ | ✔️ |
| ADCSPwn | ✔️ | ✔️ | ✔️ |
| ADFSDump | ✔️ | ✔️ | ✔️ |
| ADSearch | ❌ | ❌ | ✔️ |
| AtYourService ² | ✔️ | ✔️ | ✔️ |
| BadAssMacros | ❌ | ✔️ | ✔️ |
| BetterSafetyKatz | ✔️ | ✔️ | ✔️ |
| Certify ³ | ❌ | ❌ | ✔️ |
| CheeseTools ⁴ | ❌ | ❌ | ✔️ |
| DeployPrinterNightmare | ✔️ | ✔️ | ✔️ |
| EDD | ✔️ | ✔️ | ✔️ |
| Evasor ² | ✔️ | ✔️ | ✔️ |
| Farmer | ❌ | ❌ | ✔️ |
| ForgeCert | ❌ | ✔️ | ✔️ |
| GMSAPasswordReader | ❌ | ❌ | ✔️ |
| Group3r | ❌ | ✔️ | ✔️ |
| Grouper2 | ✔️ | ✔️ | ✔️ |
| Internal-Monologue | ✔️ | ✔️ | ✔️ |
| InveighZero | ⚠️ | ⚠️ | ⚠️ |
| KrbRelay ³ | ❌ | ❌ | ✔️ |
| KrbRelayUp ³ | ❌ | ❌ | ✔️ |
| LockLess | ✔️ | ✔️ | ✔️ |
| Moriarty | ❌ | ✔️ | ✔️ |
| PassTheCert | ✔️ | ✔️ | ✔️ |
| PurpleSharp | ❌ | ✔️ | ✔️ |
| Rubeus | ✔️ | ✔️ | ✔️ |
| RunasCs | ✔️ | ✔️ | ✔️ |
| SafetyKatz | ✔️ | ✔️ | ✔️ |
| SauronEye | ❌ | ❌ | ✔️ |
| Scout ⁷ | ✔️ | ✔️ | ✔️ |
| SearchOutlook | ✔️ | ✔️ | ✔️ |
| Seatbelt | ✔️ | ❌ | ✔️ |
| ShadowSpray ³ | ❌ | ❌ | ✔️ |
| Sharp-SMBExec | ✔️ | ✔️ | ✔️ |
| SharpADWS | ❌ | ❌ | ✔️ |
| SharpAllowedToAct | ✔️ | ✔️ | ✔️ |
| SharpAppLocker | ❌ | ✔️ | ✔️ |
| SharpBlock ⁵ | ✔️ | ✔️ | ❌ |
| SharpBypassUAC | ✔️ | ✔️ | ✔️ |
| SharpChisel | ✔️ | ✔️ | ✔️ |
| SharpChrome | ✔️ | ✔️ | ✔️ |
| SharpChromium | ✔️ | ✔️ | ✔️ |
| SharpCloud | ✔️ | ✔️ | ✔️ |
| SharpCOM | ✔️ | ✔️ | ✔️ |
| SharpCookieMonster | ✔️ | ✔️ | ✔️ |
| SharpCrashEventLog | ✔️ | ✔️ | ✔️ |
| SharpDir | ✔️ | ✔️ | ✔️ |
| SharpDoor ⁶ | ✔️ | ✔️ | ✔️ |
| SharpDPAPI | ✔️ | ✔️ | ✔️ |
| SharpDump | ✔️ | ✔️ | ✔️ |
| SharpEDRChecker | ✔️ | ✔️ | ✔️ |
| SharpExec | ✔️ | ✔️ | ✔️ |
| SharPersist | ✔️ | ✔️ | ✔️ |
| SharpFiles | ✔️ | ✔️ | ✔️ |
| SharpFinder | ✔️ | ✔️ | ✔️ |
| SharpGPOAbuse | ✔️ | ✔️ | ✔️ |
| SharpHandler | ✔️ | ✔️ | ✔️ |
| SharpHose | ❌ | ✔️ | ✔️ |
| SharpHound | ❌ | ❌ | ✔️ |
| SharpKatz | ✔️ | ✔️ | ✔️ |
| SharpKiller | ❌ | ✔️ | ✔️ |
| SharpLaps | ✔️ | ✔️ | ✔️ |
| SharpMapExec | ✔️ | ✔️ | ✔️ |
| SharpMiniDump | ✔️ | ✔️ | ✔️ |
| SharpMove | ✔️ | ✔️ | ✔️ |
| SharpNoPSExec | ❌ | ❌ | ✔️ |
| SharpPrinter | ❌ | ✔️ | ✔️ |
| SharpRDP | ❌ | ✔️ | ✔️ |
| SharpReg | ✔️ | ✔️ | ✔️ |
| SharpSCCM | ❌ | ❌ | ✔️ |
| SharpSecDump | ✔️ | ✔️ | ✔️ |
| SharpShares | ✔️ | ✔️ | ✔️ |
| SharpSphere | ❌ | ✔️ | ✔️ |
| SharpSpray | ✔️ | ✔️ | ✔️ |
| SharpStay | ✔️ | ✔️ | ✔️ |
| SharpSuccessor | ✔️ | ✔️ | ✔️ |
| SharpSvc | ❌ | ❌ | ✔️ |
| SharpSniper | ✔️ | ✔️ | ✔️ |
| SharpSQLPwn | ✔️ | ✔️ | ✔️ |
| SharpTask | ✔️ | ✔️ | ✔️ |
| SharpTokenFinder | ❌ | ✔️ | ✔️ |
| SharpUp | ✔️ | ✔️ | ✔️ |
| SharpView | ❌ | ✔️ | ✔️ |
| SharpWMI | ✔️ | ✔️ | ✔️ |
| SharpWebServer | ✔️ | ✔️ | ✔️ |
| SharpWifiGrabber | ✔️ | ✔️ | ✔️ |
| SharpWSUS | ✔️ | ✔️ | ✔️ |
| SharpZeroLogon | ✔️ | ✔️ | ✔️ |
| Shhmon | ✔️ | ✔️ | ✔️ |
| Snaffler | ❌ | ✔️ | ❌ |
| SqlClient | ✔️ | ✔️ | ✔️ |
| StandIn | ✔️ | ✔️ | ✔️ |
| StickyNotesExtract | ✔️ | ✔️ | ✔️ |
| SweetPotato | ❌ | ✔️ | ✔️ |
| ThunderFox | ✔️ | ✔️ | ✔️ |
| TruffleSnout | ❌ | ✔️ | ✔️ |
| TokenStomp | ✔️ | ✔️ | ✔️ |
| Watson | ✔️ | ✔️ | ✔️ |
| winPEAS | ❌ | ✔️ | ✔️ |
| WMIReg | ✔️ | ✔️ | ✔️ |
| Whisker | ❌ | ❌ | ✔️ |

1. ADCollector — Targets .NET Framework v4.6.1 specifically (mapped to NET 4.7 column)
2. AtYourService, Evasor — No AnyCPU builds, only x64/x86 platforms
3. Certify, KrbRelay, KrbRelayUp, ShadowSpray — Target .NET Framework v4.7.2 specifically
4. CheeseTools — Pipeline exists but has never had a successful build
5. SharpBlock — Only builds NET 4.0 and NET 4.5; NET 4.7 steps are disabled. No AnyCPU builds (x64/x86 only)
6. SharpDoor — Only publishes x64 binaries (compiled via PowerShell script)
7. Scout — The original repository has been removed. Binaries included are outdated and no longer maintained

InveighZero ⚠️ — Pipeline has all build steps disabled and is non-functional. Existing binaries in the repo are from previous builds.

Links for all these amazing tools are below :)
- ADCollector - C# tool to quickly extract valuable information from the Active Directory environment @dev-2null
- ADCSPwn - C# tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying to the certificate service. @bats3c
- ADSearch - C# tool to help query AD via the LDAP protocol @tomcarver16 (Only NET 4.7)
- ADFSDump - A C# tool to dump all sorts of goodies from AD FS. @FireEye
- AtYourService - C# .NET Assembly for Service Enumeration @mitchmoser
- BadAssMacros - C# based automated malicious macro generator @Flangvik
- BetterSafetyKatz - Fork of SafetyKatz dynamically fetches the latest Mimikatz, runtime patching signatures and PE loads Mimikatz into memory. @Flangvik
- Certify - C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). @harmj0y @tifkin_
- CheeseTools - Self-developed tools for lateral movement/code execution @klezVirus
- EDD - Enumerate Domain Data is designed to be similar to PowerView but in .NET @FortyNorthSecurity
- Evasor - A tool to be used in post-exploitation phase for assessing and evading AV @CyberArk
- Farmer - Collecting NetNTLM hashes in a Windows domain via a local WebDAV server @domchell
- ForgeCert - Uses a stolen CA certificate + private key to forge certificates for arbitrary users. @tifkin_
- GMSAPasswordReader - Reads the password blob from a GMSA account. @rvazarkar
- DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc @Flangvik
- Grouper2 - C# tool to help find security-related misconfigurations in Active Directory Group Policy. @mikeloss
- Group3r - C# tool to find vulnerabilities in AD Group Policy, but do it better than Grouper2 did. @mikeloss
- Internal-Monologue - Retrieves NTLM Hashes without touching LSASS @elad_shamir
- KrbRelay - C# Framework for Kerberos relaying @cube0x0
- KrbRelayUp - Universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced @dec0ne
- LockLess - Allows for the copying of locked files. @GhostPack
- Moriarty - Enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows
- PassTheCert - Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel. @AlmondOffSec
- PurpleSharp - C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. @mvelazc0
- Rubeus - C# toolset for raw Kerberos interaction and abuses. @GhostPack
- RunasCs - C# and open version of the Windows built-in runas.exe. @splinter_code
- SafetyKatz - Combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader. @GhostPack
- SauronEye - C# search tool to find specific files containing specific keywords (.doc, .docx, .xls, .xlsx). @_vivami
- Scout - A .NET assembly for performing recon against hosts on a network. @jaredhaight (Repo removed; binaries are outdated)
- SearchOutlook - C# tool to search through a running instance of Outlook for keywords @RedLectroid
- Seatbelt - Performs a number of security oriented host-survey "safety checks". @GhostPack
- ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
- Sharp-SMBExec - A native C# conversion of Kevin Robertson's Invoke-SMBExec PowerShell script @checkymander
- SharpADWS - Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS). @wh0amitz
- SharpAllowedToAct - C# implementation of a computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity) @pkb1s
- SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet with extended features @Flangvik
- SharpBlock - A method of bypassing EDR's active protection DLLs by preventing entry point execution. @CCob
- SharpBypassUAC - C# tool for UAC bypasses @rodzianko
- SharpChisel - C# Chisel Wrapper. @shantanu561993
- SharpChrome - Chrome-specific implementation of SharpDPAPI capable of cookies and logins decryption/triage. @GhostPack
- SharpChromium - C# Project to retrieve Chromium data, such as cookies, history and saved logins. @djhohnstein
- SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute. @chrismaddalena
- SharpCOM - C# port of Invoke-DCOM @424f424f
- SharpCookieMonster - C# tool for extracting browser cookies @m0rv4i
- SharpCrashEventLog - C# port of LogServiceCrash @slyd0g @limbenjamin
- SharpDir - C# tool to search both local and remote file systems for files. @jnqpblc
- SharpDoor - C# tool to allow multiple RDP (Remote Desktop) sessions by patching termsrv.dll file. @infosecn1nja
- SharpDPAPI - C# port of some Mimikatz DPAPI functionality. @GhostPack
- SharpDump - SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality. @GhostPack
- SharpEDRChecker - C# tool to check for the presence of known defensive products such as AVs, EDRs and logging tools @PwnDexter
- SharPersist - C# persistence toolkit.
- SharpExec - SharpExec is an offensive security C# tool designed to aid with lateral movement. @anthemtotheego
- SharpFiles - C# tool to search for files based on SharpShares output. @fullmetalcache
- SharpFinder - Searches for files matching specific criteria on readable shares within the domain
- SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO). @FSecureLABS
- SharpHandler - C# tool for stealing/duping handles to LSASS @Jean_Maes_1994
- SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments. @ustayready
- SharpHound - C# 2022 version of the BloodHound 4.x Ingestor. @BloodHoundAD
- SharpKatz - PURE C# port of significant MimiKatz functionality such as logonpasswords, dcsync, etc. @b4rtik
- SharpKiller - Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8 @S1lky_1337
- SharpLaps - A C# tool to retrieve LAPS passwords from LDAP @pentest_swissky
- SharpMapExec - C# version of @byt3bl33d3r's tool CrackMapExec @cube0x0
- SharpMiniDump - C# tool to create a minidump of the LSASS process from memory @b4rtik
- SharpNoPSExec - C# tool allowing fileless command execution for lateral movement. @juliourena
- SharpMove - C# tool for performing lateral movement techniques @0xthirteen
- SharpPrinter - C# tool for discovering printers on a network @424f424f
- SharpRDP - C# Remote Desktop Protocol Console Application for Authenticated Command Execution @0xthirteen
- SharpReg - C# tool to interact with the Remote Registry service api. @jnqpblc
- SharpSecDump - C# port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py @G0ldenGunSec
- SharpSCCM - C# utility for interacting with SCCM @_Mayyhem
- SharpShares - Enumerate all network shares in the current domain. @djhohnstein
- SharpSphere - C# SharpSphere has the ability to interact with the guest operating systems of virtual machines managed by vCenter. @jkcoote & @grzryc
- SharpSpray - C# tool to perform a password spraying attack against all users of a domain using LDAP. @jnqpblc
- SharpStay - .NET project for installing Persistence. @0xthirteen
- SharpSuccessor - C# tool for exploiting the BadSuccessor / dMSA privilege escalation vulnerability
- SharpSvc - C# tool to interact with the SC Manager API. @jnqpblc (Only NET 4.7)
- SharpSniper - SharpSniper is a simple tool to find the IP address of specific users so that you can target their box. @hunniccyber
- SharpSQLPwn - C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments. @lefayjey
- SharpTask - C# tool to interact with the Task Scheduler service api. @jnqpblc
- SharpTokenFinder - C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
- SharpUp - C# port of various PowerUp functionality. @GhostPack
- SharpView - C# implementation of harmj0y's PowerView. @tevora-threat
- SharpWMI - C# implementation of various WMI functionality. @GhostPack
- SharpWebServer - A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. @mariuszbit
- SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation. @r3n_hat
- SharpWSUS - C# tool for lateral movement through WSUS. @naborstudio
- SharpZeroLogon - C# port of CVE-2020-1472, a.k.a. Zerologon. @buffaloverflow
- Shhmon - Neutering Sysmon via driver unload. @Shhmon
- Snaffler - C# tool for pentesters to help find delicious candy. @l0ss and @Sh3r4
- SqlClient - C# .NET mssql client for accessing database data through beacon. @FortyNorthSecurity
- StandIn - C# based small AD post-compromise toolkit. @FuzzySec
- StickyNotesExtract - C# tool that extracts data from the Windows Sticky Notes database. @V1V1
- SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019. @CCob
- ThunderFox - C# Retrieves data (contacts, emails, history, cookies and credentials) from Thunderbird and Firefox. @V1V1
- TruffleSnout - C# based iterative AD discovery toolkit for offensive operators. @dsnezhkov
- TokenStomp - C# implementation of the token privilege removal flaw discovered by @GabrielLandau / Elastic. @Mrtn9
- Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities. @rasta-mouse
- winPEAS - PEASS - Privilege Escalation Awesome Scripts (winPEAS). @carlospolop
- WMIReg - C# PoC to interact with local/remote registry hives through WMI. @airzero24
- Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute. @elad_shamir