[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-76402":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":38,"readmeContent":39,"aiSummary":40,"trendingCount":15,"starSnapshotCount":15,"syncStatus":41,"lastSyncTime":42,"discoverSource":43},76402,"AdStrike","capture0x\u002FAdStrike","capture0x","AI-powered modular Active Directory red-team framework for authorized penetration testing, AD enumeration, attack-path analysis,   Kerberos\u002FADCS workflows, reporting, operator automation, and MCP server integration.","",null,"Python",266,52,5,0,16,40,221,48,5.17,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36,37],"active-directory","active-directory-exploitation","active-directory-security","ad-agent","ad-attack","ad-attack-paths","adtool","adtoolkit","kerberos","ntlm","redteam-agent","redteam-tools","2026-06-12 02:03:41","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"\u002Fassets\u002Fscreenshots\u002F22.png\" alt=\"AdStrike banner\" width=\"900\">\n\n\u003Ch1>AdStrike &mdash; \u003Ccode>v5.0 «AdStrike»\u003C\u002Fcode>\u003C\u002Fh1>\n\u003Cp>\u003Cstrong>AI Powered Professional Active Directory Attack 
Framework\u003C\u002Fstrong>\u003C\u002Fp>\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.10%2B-blue?style=flat-square&logo=python)](https:\u002F\u002Fpython.org)\n[![Platform](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPlatform-Kali%20%7C%20Parrot-brightgreen?style=flat-square&logo=linux)](https:\u002F\u002Fwww.kali.org)\n[![Menu](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMenu-56%20entries-purple?style=flat-square)](modules\u002F)\n[![Phases](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FKill--Chain-8%20Phases-red?style=flat-square)]()\n[![Primitives](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTradecraft-400%2B%20Primitives-orange?style=flat-square)]()\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-GPLv3-yellow?style=flat-square)](LICENSE)\n[![Creator](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCreator-tmrswrr-cyan?style=flat-square)](https:\u002F\u002Fgithub.com\u002Fcapture0x)\n\n**Authorized use only. Do not run this tool against systems without explicit written permission.**\n\nRelease status: beta\u002Fresearch build. Menu and import health checks pass; individual modules still depend on target state, credentials, network reachability, and installed third-party tools.\n\n\u003Cimg src=\"assets\u002Fscreenshots\u002F1.png\" alt=\"AdStrike main menu\" width=\"900\">\n\n\u003C\u002Fdiv>\n\n---\n\n## Overview\n\nAdStrike is a modular, terminal-based Active Directory attack framework. It helps operators move through discovery, enumeration, exploitation, credential access, lateral movement, persistence, and reporting while keeping session state in one place.\n\nThe framework stores target details, credentials, Kerberos state, findings, executed commands, and output paths in a shared session. 
Modules can reuse that context instead of forcing the operator to re-enter the same data repeatedly.\n\nCore capabilities:\n\n- 56 interactive menu entries: 50 attack modules, 4 utilities, 2 management functions\n- 9 kill-chain phase groups, from reconnaissance through advanced operations\n- Kerberos-aware workflows for NTLM-disabled and LDAP-signing-enforced environments\n- Smart Analyst for parsing output and ranking next actions\n- Optional AdStrike Agent for AI-assisted planning or tool orchestration\n- Report generation in HTML, Markdown, and JSON\n- Wrappers for common AD tooling such as Impacket, NetExec, Certipy, Kerbrute, BloodHound, PowerView, Rubeus, and related utilities\n\n---\n\n## Screenshots\n\n| AD Enumeration | BloodHound Helper |\n|---|---|\n| ![AD enumeration](assets\u002Fscreenshots\u002F3.png) | ![BloodHound helper](assets\u002Fscreenshots\u002F4.png) |\n\n| AdStrike Agent | Smart Analyst |\n|---|---|\n| ![AdStrike Agent](assets\u002Fscreenshots\u002F5.png) | ![Smart Analyst](assets\u002Fscreenshots\u002F7.png) |\n\n---\n\n## Agent Demo\n\n\u003Cdiv align=\"center\">\n\n\u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F151e5fb2-3d55-42a4-bd36-1f6b5c0be95b\" controls autoplay loop muted width=\"900\">\u003C\u002Fvideo>\n\nAdStrike Agent in action — AI-assisted planning and full-auto tool orchestration against a live Active Directory target.\u003Cbr>\nThe agent autonomously selects modules, adapts to discovered evidence, and chains attack steps end-to-end.\n\n\u003C\u002Fdiv>\n\n---\n\n## Quick Start\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fcapture0x\u002FAdStrike.git\ncd AdStrike\nchmod +x install.sh run.sh\nbash install.sh\nbash run.sh\n```\n\nDo not run `install.sh` or `run.sh` with `sudo`. 
The installer creates repo-local files such as `adrt_venv\u002F`, `.env`, and `output\u002F`; running as root can leave those files root-owned.\n\nIf you already ran it with `sudo`, fix ownership once:\n\n```bash\nsudo chown -R \"$(id -un):$(id -gn)\" .\n```\n\n---\n\n## Requirements\n\n| Item | Requirement |\n|---|---|\n| OS | Kali Linux 2024+ or Parrot OS recommended |\n| Python | 3.10 or higher |\n| Privileges | Normal user for the framework; root only for tools that require packet capture or privileged network actions |\n| Network | Reachability to in-scope AD services, commonly 88, 389, 443, 445, 636, 5985 |\n\nKey external tools:\n\n```text\nimpacket-scripts    nxc \u002F netexec       bloodhound-python    certipy-ad\nevil-winrm          kerbrute            responder            ldap-utils\nhashcat             john                nmap \u002F masscan       krb5-user\ndnstool.py          dig                 ldapsearch\n```\n\nMost dependencies are installed by `install.sh`. Some optional tools are installed or repaired by `scripts\u002Frepair_tools.sh` when possible.\n\n---\n\n## Configuration\n\nThe installer copies `.env.example` to `.env`. Edit `.env` before an engagement:\n\n```env\nDC_IP=10.10.10.10\nDC_FQDN=dc1.corp.local\nDOMAIN=corp.local\nBASE_DN=DC=corp,DC=local\nUSERNAME=user\nPASSWORD=\nNT_HASH=\nUSE_KERBEROS=false\nKRB5_CCACHE=\nATTACKER_IP=10.10.14.5\nATTACKER_IFACE=tun0\nENGAGEMENT_NAME=Corp-Internal-2026\nADSTRIKE_SHOW_SECRETS=false\n```\n\nYou can also enter these values interactively from the Session Manager. The session carries them across modules automatically.\n\nNever commit real engagement data. 
Keep `.env`, `output\u002F`, ticket files, hashes, dumps, reports, and captured loot private and redacted.\n\nUseful environment flags:\n\n| Variable | Default | Purpose |\n|---|---:|---|\n| `ADSTRIKE_SHOW_SECRETS` | `false` | Mask passwords, hashes, and loot in logs and reports unless explicitly enabled |\n| `ADSTRIKE_NO_ANIMATION` | unset | Disable startup animation for cleaner logs or slow terminals |\n| `ADSTRIKE_PORT_CHECK` | unset | Force quick nmap AD port check during session setup |\n| `TGT_AUTO_RENEW` | `true` | Keep Kerberos renewal behavior enabled where supported |\n| `ADSTRIKE_OPSEC` | `normal` | Agent mode override: `loud`, `normal`, or `stealth` |\n| `ADSTRIKE_BH_HOST` | unset | BloodHound\u002FAgent hostname override |\n| `ADSTRIKE_BH_DOMAIN` | unset | BloodHound\u002FAgent domain override |\n| `ADSTRIKE_BH_IP` | unset | BloodHound\u002FAgent DC IP override |\n| `ANTHROPIC_API_KEY` | unset | Optional Claude backend key for AdStrike Agent |\n\n---\n\n## Usage\n\nStart the interactive menu:\n\n```bash\nbash run.sh\n```\n\nRecommended first-run flow:\n\n```text\n[55] Session Manager  -> configure target and credentials\n[56] Tool Checker     -> verify external tools and module imports\n[10] AD Enumeration   -> collect baseline LDAP\u002FSMB\u002FGPO data\n[52] Smart Analyst    -> parse output and rank next steps\n[54] Generate Report  -> export findings and evidence\n```\n\nDirect module execution:\n\n```bash\npython -m venv venv     \nsource venv\u002Fbin\u002Factivate\npython3 main.py --module 10\npython3 main.py --module 56 --no-banner\npython3 main.py --session output\u002Fsession.json --no-banner\n```\n\nHealth check:\n\n```bash\npython3 -m py_compile main.py\npython3 main.py --check\n```\n\nCurrent local health check:\n\n```text\nMenu numbering is contiguous and unique\nModule health OK: 54\u002F54\n```\n\n---\n\n## Module Map\n\n| Phase | Menu Range | Area |\n|---|---:|---|\n| 0 | 1-2 | Reconnaissance |\n| 1 | 3-9 | Initial access |\n| 2 | 
10-16 | Enumeration |\n| 3 | 17-27 | Privilege escalation |\n| 4 | 28-32 | Lateral movement |\n| 5 | 33-36 | Credential access |\n| 6 | 37-42 | Persistence |\n| 7 | 43-46 | Cloud \u002F hybrid |\n| 8 | 47-50 | Advanced operations |\n| Utilities | 51-56 | Agent, Analyst, Kerberos Manager, reporting, sessions, tool checking |\n\n### Reconnaissance\n\n| # | Module | Coverage |\n|---|---|---|\n| 1 | Recon & OSINT | DNS, WHOIS, email harvest, certificate transparency |\n| 2 | Network Discovery | nmap, masscan, nbtscan, netdiscover, IPv6 scanning |\n\n### Initial Access\n\n| # | Module | Coverage |\n|---|---|---|\n| 3 | Initial Access (No Creds) | NTLM capture, relay, ARP, DHCPv6, RID cycling |\n| 4 | CVE \u002F AD Exploits | NoPac, PrintNightmare, Zerologon |\n| 5 | AMSI \u002F Defense Evasion | AMSI bypass, CLM bypass, AppLocker, obfuscation |\n| 6 | EDR \u002F AV Evasion | NanoDump, MockingJay, RWXfinder, BOF, syscalls |\n| 7 | UAC Bypass | fodhelper, eventvwr, CMSTP, token impersonation |\n| 8 | Pre2K & Timeroasting | Pre-Win2K accounts, MS-SNTP hash, MAQ abuse |\n| 9 | WSUS Attack | WSUS HTTP spoofing, pywsus, SYSTEM execution |\n\n### Enumeration\n\n| # | Module | Coverage |\n|---|---|---|\n| 10 | AD Enumeration | LDAP, SMB, GPO, DNS, trusts, SPNs, LAPS, delegation |\n| 11 | PowerView Enumeration | PowerView cmdlet reference and execution |\n| 12 | BloodHound Helper | SOAPHound, RustHound, ADExplorer, Neo4j queries |\n| 13 | File & Share Hunter | Snaffler, SYSVOL, GPP, spider_plus |\n| 14 | NetExec \u002F NXC Suite | SMB, LDAP, MSSQL, WinRM, RDP |\n| 15 | User Hunting | SessionHunter, UserHunter, PSRemoting admin checks |\n| 16 | ADIDNS Abuse | Wildcard DNS, WPAD, record injection, DNSAdmins |\n\n### Privilege Escalation\n\n| # | Module | Coverage |\n|---|---|---|\n| 17 | Local Privilege Escalation | PowerUp, KrbRelayUp, Potato attacks, JEA |\n| 18 | Kerberos Attacks | AS-REP roast, Kerberoast, PtT, OPtH, tickets, PKINIT |\n| 19 | Rubeus Toolkit | TGT, TGS, 
roasting, PTT, S4U, monitor mode |\n| 20 | Shadow Credentials | msDS-KeyCredentialLink, pywhisker, PKINIT |\n| 21 | RBCD Full Chain | Powermad, S4U2Proxy, altservice, Bronze Bit |\n| 22 | ACL \u002F ACE Abuse | GenericAll, WriteDACL, ForceChangePassword, AddMember |\n| 23 | Certificate Abuse (ADCS) | ESC1-ESC13, Certipy, CertSync, CA enumeration |\n| 24 | RODC Attacks | PRP abuse, Key List Attack, RODC Golden Ticket |\n| 25 | Golden Certificate | CA key theft, UnPAC, PassTheCert |\n| 26 | UnPAC \u002F PassTheCert | Targeted Kerberoast, UnPAC, PassTheCert, SPN-Jack |\n| 27 | JEA Attacks | JEA bypass, PSReadLine history, CLM escape |\n\n### Lateral Movement\n\n| # | Module | Coverage |\n|---|---|---|\n| 28 | Lateral Movement | PSExec, WMIExec, SMBExec, DCOM, Evil-WinRM, WinRS |\n| 29 | Coercion Attacks | PrinterBug, PetitPotam, DFSCoerce, relay paths |\n| 30 | MSSQL Abuse | xp_cmdshell, PowerUpSQL, linked servers, UNC capture |\n| 31 | Password Attacks | Spray, Kerbrute, credential stuffing, relay capture |\n| 32 | SCCM \u002F MECM Abuse | NAA credential theft, relay, client push, AdminService |\n\n### Credential Access\n\n| # | Module | Coverage |\n|---|---|---|\n| 33 | Credential Dumping | LSASS, SAM, NTDS, lsassy, nanodump, pypykatz |\n| 34 | DPAPI & Credential Vault | dploot, SharpDPAPI, LaZagne, KeeThief, browsers |\n| 35 | DCSync \u002F DCShadow | Domain hash dumping and rogue DC operations |\n| 36 | Shadow Copies Abuse | VSS, NTDS.dit, SAM, SYSTEM hive extraction |\n\n### Persistence\n\n| # | Module | Coverage |\n|---|---|---|\n| 37 | Domain Persistence | Golden\u002FSilver tickets, AdminSDHolder, NPPSPY, TTL group membership |\n| 38 | Local Persistence | SharPersist, WMI subscriptions, registry, startup |\n| 39 | GPO Abuse | GPO creation, linking, scheduled task execution, hijack |\n| 40 | DNSAdmins Abuse | DLL injection through DNS service configuration |\n| 41 | Trust Attacks | TrustKey, SID History, PAM trust, cross-forest escalation |\n| 42 | AD Misc 
Abuse | Backup Operators, Skeleton Key, Exchange RBAC, DSRM |\n\n### Cloud \u002F Hybrid\n\n| # | Module | Coverage |\n|---|---|---|\n| 43 | Azure AD \u002F Entra ID | AADConnect, PTA, PHS, PRT, token theft |\n| 44 | Entra Hybrid Attacks | MSOL DCSync, Device Code flow, PTA injection |\n| 45 | gMSA Attacks | Enumeration, hash extraction, pass-the-hash, shadow credentials |\n| 46 | ADFS & Golden SAML | Token signing certificate, Golden SAML, AADInternals |\n\n### Advanced Operations\n\n| # | Module | Coverage |\n|---|---|---|\n| 47 | Exploit Chains | Pre-built full attack paths |\n| 48 | C2 Integration | Sliver, Havoc, Metasploit, Cobalt Strike payload delivery |\n| 49 | Loot Parser & Analyzer | Parse, deduplicate, score, and export loot |\n| 50 | AD Advanced Playbook | WDAC, MDE\u002FMDI, WMI filters, trusts, deception |\n\n### Utilities\n\n| # | Utility | Purpose |\n|---|---|---|\n| 51 | AdStrike Agent (AI) | Optional AI-assisted planner\u002Forchestrator |\n| 52 | Smart Analyst | Parse output, build an attack plan, optionally execute steps |\n| 53 | Kerberos Manager | TGT, PTT, S4U, ccache, kirbi, krb5.conf management |\n| 54 | Generate Report | HTML, Markdown, and JSON reporting |\n| 55 | Session Manager | Save, load, switch, and clear sessions |\n| 56 | Tool Checker | Verify external tools and module imports |\n\n---\n\n## Output\n\nRuntime files are written under `output\u002F`:\n\n| Path | Purpose |\n|---|---|\n| `output\u002Fsession.json` | Persisted session state |\n| `output\u002Fsession_*.log` | Launcher logs from `run.sh` |\n| `output\u002Fenum\u002F` | LDAP, SMB, GPO, and enumeration artifacts |\n| `output\u002Fbloodhound\u002F` | BloodHound collections and related data |\n| `output\u002Faudit\u002Fcapability_audit.json` | Tool Checker and module health snapshot |\n| `output\u002Fagent_logs\u002F` | AdStrike Agent Markdown\u002FJSON run logs |\n| `output\u002Fagent_runtime\u002F` | Kerberos config, ccache, hashes, and temporary agent artifacts |\n| 
`output\u002Freports\u002F` | Generated reports |\n\nReview and redact everything in `output\u002F` before sharing.\n\n---\n\n## Automatic Target Discovery\n\nDuring first-run session setup, entering a DC IP triggers a fast discovery pass:\n\n1. LDAP rootDSE query to derive `DOMAIN`, `BASE_DN`, and `DC_FQDN` when available.\n2. NetExec SMB fallback when LDAP does not reveal the domain.\n3. Optional quick nmap check of common AD ports.\n\nForce the port check:\n\n```bash\nADSTRIKE_PORT_CHECK=true bash run.sh\n```\n\nIf a DC FQDN is discovered, AdStrike prints an `\u002Fetc\u002Fhosts` line for environments where DNS resolution is unreliable. If clock skew is detected, it prints a time-sync hint before Kerberos-heavy workflows.\n\n---\n\n## Kerberos and NTLM-Disabled Environments\n\nFor targets where NTLM is disabled or unreliable, use:\n\n```text\n[18] Kerberos Attacks -> [A] NTLM-Disabled Attack Workflow\n```\n\nThis workflow can:\n\n- Generate target-specific `krb5.conf`\n- Add the DC FQDN mapping guidance\n- Request a TGT with Impacket\n- Set `KRB5CCNAME` and `KRB5_CONFIG`\n- Enable Kerberos mode for later modules\n- Print ready-to-use Kerberos commands for NetExec, Impacket, BloodHound, and Evil-WinRM\n\nCommon Kerberos checks:\n\n```bash\ndate\nklist\ncat \"$KRB5_CONFIG\"\necho \"$KRB5CCNAME\"\n```\n\n---\n\n\n## AdStrike Agent\n\nAdStrike Agent is optional. Manual modules do not require AI.\nWant to try just the agent? 
→ **[github.com\u002Fcapture0x\u002FAdAgent](https:\u002F\u002Fgithub.com\u002Fcapture0x\u002FAdAgent)**\n\nSupported backends:\n\n| Backend | Use Case | Requirement |\n|---|---|---|\n| Ollama | Local \u002F private \u002F offline lab usage | `ollama serve`, local model, Python `requests` |\n| Claude | API-backed reasoning | `ANTHROPIC_API_KEY`, internet \u002F API access |\n\nOllama example:\n\n```bash\nollama serve\nollama pull mistral\nbash run.sh\n# choose [51] AdStrike Agent (AI)\n# choose Backend [1] Ollama\n```\n\nClaude example:\n\n```bash\nexport ANTHROPIC_API_KEY=\"sk-ant-...\"\nbash run.sh\n# choose [51] AdStrike Agent (AI)\n# choose Backend [2] Claude\n```\n\nAgent modes:\n\n| Mode | Meaning |\n|---|---|\n| Full Auto | Agent executes tool calls and adapts to evidence |\n| Plan Only | Agent produces a prioritized plan without executing tools |\n\nOPSEC modes:\n\n| Mode | Meaning |\n|---|---|\n| Loud | Fast lab\u002FCTF mode |\n| Normal | Balanced internal pentest mode; default |\n| Stealth | More conservative native-first behavior where possible |\n\n---\n\n## Performance \u002F GPU Acceleration\n\n### Why the Ollama agent may feel slow\n\nThe agent uses a rule engine for most decisions (no LLM call). Rounds that require LLM input call Ollama locally. 
If Ollama runs on CPU instead of GPU, each call takes 15–30 seconds instead of 2–5 seconds.\n\nVerify which processor Ollama is using:\n\n```bash\nollama ps\n# PROCESSOR column should show \"GPU\", not \"100% CPU\"\n```\n\n---\n\n### Fix: Ollama not detecting the GPU (Kali \u002F systemd)\n\nOn some Kali Linux setups the `ollama` systemd service starts before CUDA libraries are on the library path, so `GPULayers:[]` appears in the logs and inference falls back to CPU.\n\n**Step 1 — add CUDA environment variables to the service:**\n\n```bash\nsudo nano \u002Fetc\u002Fsystemd\u002Fsystem\u002Follama.service\n```\n\nAdd these three lines inside the `[Service]` block:\n\n```ini\nEnvironment=\"CUDA_VISIBLE_DEVICES=0\"\nEnvironment=\"LD_LIBRARY_PATH=\u002Fusr\u002Flocal\u002Flib\u002Follama\u002Fcuda_v12:\u002Fusr\u002Flib\u002Fx86_64-linux-gnu\"\nEnvironment=\"OLLAMA_GPU_OVERHEAD=0\"\n```\n\nFull `[Service]` block example after the edit:\n\n```ini\n[Service]\nExecStart=\u002Fusr\u002Flocal\u002Fbin\u002Follama serve\nUser=ollama\nGroup=ollama\nRestart=always\nRestartSec=3\nEnvironment=\"PATH=...\"\nEnvironment=\"CUDA_VISIBLE_DEVICES=0\"\nEnvironment=\"LD_LIBRARY_PATH=\u002Fusr\u002Flocal\u002Flib\u002Follama\u002Fcuda_v12:\u002Fusr\u002Flib\u002Fx86_64-linux-gnu\"\nEnvironment=\"OLLAMA_GPU_OVERHEAD=0\"\n```\n\n**Step 2 — reload and restart:**\n\n```bash\nsudo systemctl daemon-reload\nsudo systemctl restart ollama\n```\n\n**Step 3 — confirm GPU is in use:**\n\n```bash\nollama ps\n# Expected: PROCESSOR = GPU (or a percentage, not \"100% CPU\")\n```\n\n> **Note:** The CUDA path `\u002Fusr\u002Flocal\u002Flib\u002Follama\u002Fcuda_v12` is created by the official Ollama Linux installer. 
If you installed Ollama a different way, adjust the path to match where `libcublas.so.12` lives on your system.\n\n---\n\n### Recommended Ollama model for speed vs quality\n\n| Model | VRAM | Speed | Tool-call quality |\n|---|---|---|---|\n| `qwen2.5-coder:7b` | ~5 GB | Medium | Best for AD agent |\n| `llama3.2:3b` | ~2 GB | Fastest | Good for low-VRAM machines |\n| `mistral:latest` | ~4.5 GB | Medium | Decent fallback |\n\nPull a model:\n\n```bash\nollama pull qwen2.5-coder:7b\n```\n\n---\n\n## Repair and Troubleshooting\n\nCheck installed tools and module imports:\n\n```bash\npython3 main.py --module 56 --no-banner\n```\n\nRepair missing tools where possible:\n\n```bash\nbash scripts\u002Frepair_tools.sh --check\nbash scripts\u002Frepair_tools.sh -y\n```\n\nScoped repairs:\n\n```bash\nbash scripts\u002Frepair_tools.sh --no-apt\nbash scripts\u002Frepair_tools.sh --no-pip\nbash scripts\u002Frepair_tools.sh --no-github\n```\n\nIf the virtual environment is missing:\n\n```bash\nbash install.sh\nsource adrt_venv\u002Fbin\u002Factivate\npython3 main.py --check\n```\n\nIf NetExec or Impacket fails, verify versions and rerun the repair script:\n\n```bash\nwhich nxc\nnxc --version\nwhich impacket-secretsdump\nbash scripts\u002Frepair_tools.sh -y\n```\n\nIf reports include sensitive values, confirm redaction is enabled:\n\n```env\nADSTRIKE_SHOW_SECRETS=false\n```\n\nThen review `.env`, `output\u002Fsession.json`, and generated reports manually before sharing.\n\n---\n\n## Documentation\n\nAdditional guide:\n\n- [AdStrike and Agent Guide](docs\u002FADSTRIKE_AND_AGENT_GUIDE.md)\n\nSecurity policy:\n\n- [SECURITY.md](SECURITY.md)\n\nLicense:\n\n- [GPLv3](LICENSE)\n\n---\n\n## Legal Disclaimer\n\nThis software is provided for authorized security testing, red team engagements, and educational purposes only.\n\nUse against systems without explicit written authorization from the system owner is illegal and may violate the Computer Fraud and Abuse Act (CFAA), the Computer Misuse 
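Act (CMA), and equivalent laws in your jurisdiction.\n\nThe author accepts no liability for damage, data loss, service disruption, or legal consequences arising from misuse.\n\n---\n\n## Developer\n\n**tmrswrr** - GitHub: [capture0x](https:\u002F\u002Fgithub.com\u002Fcapture0x)\n\nMaintained for authorized offensive security research, lab validation, and professional red team operations.\n","AdStrike is an AI-based modular Active Directory red-team framework designed for authorized penetration testing, AD enumeration, attack-path analysis, Kerberos\u002FADCS workflows, report generation, and operator automation. The project is written in Python and supports 56 interactive menu entries and 9 kill-chain phases, covering everything from reconnaissance to advanced operations, and it can intelligently parse output to recommend next actions. It also provides an optional AdStrike Agent for AI-assisted planning or tool orchestration. It is suited to scenarios that require security assessment and technical exercises against Windows domain environments, such as internal enterprise security audits or attack-defense exercises.",2,"2026-06-11 03:55:03","CREATED_QUERY"]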