Windows
Browse 119 windows tools
FEATURED
Compares target's patch levels against Microsoft vulnerability database and detects missing patches.
Compares target's patch levels against Microsoft vulnerability database and detects missing patches.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).
A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).
An automated script that configures Active Directory domains using customizable XML configuration files.
An automated script that configures Active Directory domains using customizable XML configuration files.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Windows event log fast forensics timeline generator and threat hunting tool.
Windows event log fast forensics timeline generator and threat hunting tool.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
Enhances Windows OS security through system modifications and settings adjustments.
Enhances Windows OS security through system modifications and settings adjustments.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.
A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.
A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.
A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.
A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.
A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
Tool for analyzing Windows Recycle Bin INFO2 file
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
