weakpass
DSInternals
Our great sponsors
weakpass | DSInternals | |
---|---|---|
1 | 16 | |
350 | 1,513 | |
- | - | |
3.4 | 6.8 | |
about 1 year ago | 2 months ago | |
JavaScript | C# | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
weakpass
We haven't tracked posts mentioning weakpass yet.
Tracking mentions began in Dec 2020.
DSInternals
-
Manipulating User Passwords with Mimikatz
Note**:** The same can be done using the DSInternals Set-SamAccountPasswordHash command.
-
Finding Weak Passwords in AD
To find out, you can use the DSInternals command Test-PasswordQuality. It will extract the password hashes for all your user accounts and compare them against the password hashes for a dictionary of weak passwords.
-
Security Cadence: Passphrases
Load DSInternals Powershell Module (Install-Module DSInternals -Force OR https://github.com/MichaelGrafnetter/DSInternals
-
Auto Generate a String array I can then use in a "foreach" loop
FYI, there's a PS module you can use to check passwords. Here's a link to some info about that: https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md
- Active Directory Audit - PingCastle?
What are some alternatives?
wpa2-wordlists - A collection of wordlists dictionaries for password cracking
hashtopolis - Hashtopolis - distributed password cracking with Hashcat
Password Compat - Compatibility with the password_* functions that ship with PHP 5.5
ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
dumb-password-rules - A compilation of sites with dumb password rules.
adfsmfa - MFA for ADFS 2022/2019/2016/2012r2
Minimalistic-offensive-security-tools - A repository of tools for pentesting of restricted and isolated environments.
PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
ad-password-protection - Active Directory password filter featuring breached password checking and custom complexity rules
Whaler - Program to reverse Docker images into Dockerfiles
BloodHound - Six Degrees of Domain Admin
PwnedPasswordsDLL - Open source solution to check prospective AD passwords against previously breached passwords