Pentest Toolbox Additions 2017

Last year, I wrote a short blog post about tools I had added to my pentesting toolbox. I’ve decided to make this type of article a yearly tradition. In this post, I highlight some of the useful tools I’ve started to use this past year.Domain Password Audit Tool
First, I will shamefully promote a tool I wrote myself that will generate password usage statistics on an active directory domain.Just how many people are using that weak password of “Winter2017” or “Password1”? Are your domain admins using the same password between their low-privileged and high-privileged accounts? Are the easily cracked LM hashes being stored on your domain controller?Now you know with the Domain Password Audit Tool (DPAT), check out a full demo video here:

Leave a Reply