Browse 248 Windows tools
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
A powerful tool for extracting passwords and performing various Windows security operations.
A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
Compares a target's patch levels against the Microsoft vulnerability database and detects missing patches.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).
An automated script that configures Active Directory domains using customizable XML configuration files.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Windows event log fast forensics timeline generator and threat hunting tool.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
Enhances Windows OS security through system modifications and settings adjustments.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.