LogoAISecKit
  • Search
  • Collection
  • Category
  • Tag
  • Blog
  • Pricing
  • Submit
LogoAISecKit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

LogoAISecKit

Curated directory of 1700+ AI tools, models, frameworks, MCP servers, and cybersecurity resources

GitHub
Product
  • Search
  • Collection
  • Category
  • Tag
Resources
  • Blog
  • Pricing
  • Submit
Company
  • About Us
  • Privacy Policy
  • Terms of Service
  • Sitemap
Copyright © 2026 All Rights Reserved.
Sponsored Resources
  1. Home
  2. Category
  3. SoaPy
icon of SoaPy

SoaPy

SoaPy is a Proof of Concept tool for conducting offensive interaction with Active Directory Web Services from Linux hosts.

Visit Website
image for SoaPy
Visit Website

Introduction

SoaPy

SoaPy is a Proof of Concept (PoC) tool designed for offensive interactions with Active Directory Web Services (ADWS) from Linux systems. It allows security professionals to perform stealthy enumeration and targeted exploitation on Active Directory environments.

Key Features:
  • Custom Python Implementations: Implements Microsoft protocols like NNS, NMF, and NBFSE for ADWS interaction.
  • Stealthy Enumeration: Conduct reconnaissance over a proxy into internal Active Directory environments.
  • Targeted Exploitation:
    • ServicePrincipalName writing for Kerberoasting.
    • DON’T_REQ_PREAUTH flag manipulation for ASREP-Roasting.
    • Write to msDs-AllowedToActOnBehalfOfOtherIdentity for Resource-Based Constrained Delegation attacks.
Benefits:
  • Flexibility and Control: Offers a range of options for enumerating LDAP objects and writing certain attributes.
  • Comprehensive Tools: Includes commands for user, computer, and group enumeration, along with advanced operations for targeted attacks.
Highlights:
  • Open-source tool hosted on GitHub, enabling contributions and enhancements from the community.
  • Focused on enabling security audits and penetration testing efforts against ADWS.
Back

Information

  • Publisher
    AISecKit
  • Websitegithub.com
  • Published date2025/04/28

Categories

  • Penetration Testing
  • Security Research
  • Exploitation Frameworks

Tags

  • Exploit Development
  • Red Team Testing

More Products

image of Phantom
DevSecOps ToolsPenetration TestingVulnerability Scanners
Visit Website
icon of Phantom

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security AuditingOpen SourceIncident ResponseVulnerability ScanningAPI Security+1
E
Penetration TestingSecurity Training PlatformsAI Security Monitoring
Visit Website
icon of Exploiting AI

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt InjectionGenerative AIRed Team TestingData Poisoning
P
Input Validation & FilteringSecurity ResearchPrompt Injection Defense
Visit Website
icon of PINT Benchmark

PINT Benchmark

A benchmark for prompt injection detection systems, providing a neutral way to evaluate their performance.

Prompt InjectionModel RobustnessSecurity Auditing