CrackMapExec
A post-exploitation tool for pentesting Active Directory
CrackMapExec
A post-exploitation tool for pentesting Active Directory
Data verified Jun 2026
ADYour product here. Reach security decision-makers.Launch a campaignCrackMapExec Description
It's a post-exploitation tool (e.g. Veil-Pillage, smbexec) It's meant to be the 'glue' between exploitation frameworks when pentesting Active Directory It's fully concurrent: you're able to connect, authenticate etc.. to multiple hosts at the same time It has an internal database which is used to store credentials and track users with Administrative privileges It's functionality is based on several other tools and libraries (a list of them are in the Github repo's README) It's opsec safe: everything is either run in memory, enumerated over the network using WinAPI calls or executed using built-in windows tools/features. Part 1, will cover the basics such as using credentials, dumping credentials, executing commands and using the
CrackMapExec FAQ
Common questions about CrackMapExec including features, pricing, alternatives, and user reviews.
CrackMapExec is A post-exploitation tool for pentesting Active Directory. It is a Security Operations solution designed to help security teams with Post Exploitation.
CrackMapExec is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html for download and installation instructions.
Popular alternatives to CrackMapExec include:
1.Fortra Cobalt Strike - Threat emulation tool for adversary simulations and red team operations (Commercial)
2.Core Security Cobalt Strike - Post-exploitation threat emulation platform for red team operations. (Commercial)
3.Core Security Outflank Security Tooling - Red team toolkit for EDR evasion, initial access, and post-exploitation. (Commercial)
4.Core Security Bundles and Suites - Bundled offensive security suites combining pen testing, red teaming, and VM. (Commercial)
5.GraphSpy - GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services. (Free)
Compare all CrackMapExec alternatives at https://cybersectools.com/alternatives/crackmapexec
CrackMapExec is for security teams and organizations that need Post Exploitation. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
