ENNAENNA

PingCastle

馃敟 Offensive OpsC#

PingCastle performs rapid Active Directory security assessments by analyzing domain configuration, trust relationships, user accounts, group policies, and delegation settings. It produces a comprehensive risk score across four categories: stale objects, privileged accounts, trust relationships, and anomalies. PingCastle identifies password policy weaknesses, dangerous delegations, abandoned admin accounts, SMB signing issues, and dozens of other AD security concerns. Reports are generated as interactive HTML with remediation priorities. It runs without elevated privileges and completes assessments in minutes even on large domains.

2.8kstars
341forks
56issues
Updated 13d ago
+I use this
View on GitHubOfficial Website

Installation

$ git clone https://github.com/netwrix/pingcastle.git

Use Cases

  • Rapid Active Directory security health assessment
  • Identifying dangerous trust relationships and delegations
  • Generating executive risk reports for AD environments
  • Finding stale objects and abandoned privileged accounts

Tags

active-directorysecurity-assessmentrisk-scoringdomain-auditmisconfigurationcisododhipaamimikatznistping-castlepingcastlereporting-toolsecuritysoxstig

Details

Category
馃敟 Offensive Ops
Language
C#
Platforms
馃獰windows

Links

GitHub Repository

github.com/netwrix/pingcastle

Official Website

www.pingcastle.com

Releases

github.com/netwrix/pingcastle/releases

Issues

github.com/netwrix/pingcastle/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Used in 1 Workflow

馃攽

Active Directory Password Audit

Advanced7 steps 路 4-8 hours

Community Reviews

Alternatives & Comparisons

BloodHound

Go

Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.

Compare PingCastle vs BloodHound

CrackMapExec

Python

Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.

Compare PingCastle vs CrackMapExec

NetExec

Python

Network execution tool - the maintained successor to CrackMapExec. SMB, LDAP, WinRM, SSH, MSSQL, and more.

Compare PingCastle vs NetExec

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

Compare PingCastle vs SharpHound

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound