pentest-active-directory
Assess Active Directory identity attack paths including roasting, relay, and delegation abuse.
About this skill
The `pentest-active-directory` skill is designed to systematically identify and validate privilege escalation and lateral movement paths within an Active Directory environment. It simulates real-world identity-based attacks such as Kerberoasting, NTLM relay, and several forms of delegation abuse to uncover security weaknesses. The skill operates under strict ethical guidelines, requiring explicit authorization and adherence to industry standards such as PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK. Its primary purpose is to generate detailed security findings in a canonical format, complete with reproducible Proof-of-Concept notes, and to map out potential attack chains. It supports a dry-run mode for pre-execution validation and requires the explicit `--i-have-authorization` flag for live execution against targets. The skill outputs deterministic artifacts, including findings and attack path data, which can be consumed by other security tools or reporting mechanisms.
Best use case
This skill is primarily used by cybersecurity professionals, penetration testers, and security auditors during Active Directory vulnerability assessments or red team engagements. It helps to proactively identify critical identity-related weaknesses and potential privilege escalation vectors within an organization's AD infrastructure, enabling them to harden defenses before real attackers exploit them.
Detailed JSON reports outlining identified Active Directory attack paths, privilege escalation opportunities, and specific security findings with reproducible Proof-of-Concept notes.
Practical example
Example input
Perform an active directory pentest on the 'corp.example.com' domain, using the provided `scope.json` and targeting a specific domain controller `dc01.corp.example.com`. Generate output files in a 'reports' directory.
Example output
The skill would generate `ad-findings.json` detailing findings such as services susceptible to Kerberoasting, `ad-attack-paths.json` illustrating potential privilege escalation routes, and `ad-report.json` summarizing the assessment, all within the specified output directory.
When to use this skill
- During an authorized penetration test focused on Active Directory security.
- When conducting a comprehensive security audit of an Active Directory environment.
- To identify and map potential privilege escalation and lateral movement paths within AD.
- As part of a red team exercise to simulate real-world identity attacks against AD.
When not to use this skill
- Without explicit, written authorization from the target Active Directory owner.
- In a production environment without prior testing and a clear understanding of potential impacts.
- For general network reconnaissance unrelated to Active Directory identity attack paths.
- If you lack the necessary legal permissions or ethical considerations for security testing.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/pentest-active-directory/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How pentest-active-directory Compares
| Feature / Agent | pentest-active-directory | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Assess Active Directory identity attack paths including roasting, relay, and delegation abuse.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Pentest Active Directory

## Stage

- PTES: 6
- MITRE: TA0006, TA0008

## Objective

Map and validate AD privilege escalation and movement paths.

## Required Workflow

1. Validate scope before any active action and reject out-of-scope targets.
2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
3. Write findings in canonical finding_schema format with reproducible PoC notes.
4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
5. Export deterministic artifacts for downstream skill consumption.

## Execution

```bash
python skills/pentest-active-directory/scripts/active_directory.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```

## Outputs

- `ad-findings.json`
- `ad-attack-paths.json`
- `ad-report.json`

## References

- `references/tools.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`

## Legal and Ethical Notice

```text
WARNING: AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
```
Related Skills
pentest-c2-operator
Set up authorized C2 simulation workflows and measure defensive detection outcomes.
pentest-auth-bypass
Test authentication and session management controls for bypass and account takeover scenarios.
pentest-api-attacker
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
nmap-pentest-scans
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Data Governance Framework
Assess, score, and remediate your organization's data governance posture across 6 domains.
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
afrexai-cybersecurity-engine
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.
Compliance & Audit Readiness Engine
Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
AI Safety Audit
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.
clickhouse-github-forensics
Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".