Open-source Tools
GhostPack
GhostPack is a renowned collection of offensive security tools written primarily in C# for Windows and Active Directory environments. These tools assist security professionals in penetration testing, red teaming, and security auditing, covering everything from Kerberos attacks to credential extraction and privilege escalation.
- https://docs.specterops.io/ghostpack-docs/Rubeus-mdx/overview – C# toolset for raw Kerberos interaction and abuses
- https://docs.specterops.io/ghostpack-docs/Certify.wik-mdx/overview – Identifies and exploits misconfigurations in Active Directory Certificate Services (AD CS) environments.
- https://docs.specterops.io/ghostpack-docs/SharpDPAPI-mdx/overview – C# toolkit for interacting with Windows Data Protection API (DPAPI).
- https://github.com/GhostPack/SafetyKatz – Combination of a modified Mimikatz with @subTee’s .NET PE Loader for in-memory credential extraction with OPSEC considerations.
- https://docs.specterops.io/ghostpack-docs/Seatbelt-mdx/overview – C# project that performs security-oriented host-survey “safety checks” on Windows systems.
- https://docs.specterops.io/ghostpack-docs/SharpUp-mdx/overview – C# port of PowerUp functionality for enumerating common Windows privilege escalation vectors.
- https://docs.specterops.io/ghostpack-docs/SharpWMI-mdx/overview – C# implementation of various WMI functionality that provides offensive security practitioners with a native toolkit for Windows Management Instrumentation operations.
- https://github.com/GhostPack/ForgeCert – Forge certificates for arbitrary users using stolen CA certificates and private keys. Create persistent backdoors via certificate abuse.
- https://github.com/GhostPack/KeeThief – Methods for attacking KeePass 2.X databases, including extracting encryption key material from memory and master keys.
- https://github.com/GhostPack/Lockless – Allows copying of locked files without triggering file locks. Useful for exfiltrating files that are normally inaccessible.
- https://github.com/GhostPack/SharpDump – C# port of PowerSploit’s Out-Minidump.ps1 for dumping process memory, particularly useful for LSASS dumping.
- https://github.com/GhostPack/PSPKIAudit – PowerShell toolkit for Active Directory Certificate Services auditing based on the PSPKI toolkit.
- https://github.com/GhostPack/DeepPass – Password extraction and analysis utilities for security assessments.
- https://github.com/GhostPack/RAGnarok – A Retrieval-Augmented Generation (RAG) chatbot proof-of-concept powered by Nemesis for offensive security operations.
- https://github.com/GhostPack/RestrictedAdmin – Tools and research around Windows Restricted Admin mode and related security mechanisms.