View Issue Details

ID: 0007937
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2022-12-08 11:28
Reporter: Processus Thief
Assigned To:
Status: acknowledged
Resolution: open
Summary: 0007937: HEKATOMB - helps with post-exploitation on Active-Directory environment.

HEKATOMB is a Python tool that helps with post-exploitation in Active Directory environments.

The tool connects to the LDAP directory to retrieve information on all computers and users. Then it will download all DPAPI blobs of all users from all computers.
Finally, it will extract the domain controller private key through RPC and use it to decrypt all credentials.

If you want more info, here is the repo link:

The tool is already referenced on the GitHub repo of Carlos Polop and on the PayloadsAllTheThings GitHub repo of Swissky.

Steps To Reproduce

For installation, just clone the repo and install the requirements:

git clone
pip3 install -r requirements.txt

Additional Information

If you have any questions, you can ask me: [email protected]




2022-09-30 13:56

administrator   ~0016862

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~

Processus Thief

2022-10-04 12:23

reporter   ~0016911

@g0tm1k For packaging the tool, you can use the pip integration, it should help:

Processus Thief

2022-12-08 11:28

reporter   ~0017226

I see that Kali 2022.4 was just released and Hekatomb was not added to it. Do I have to do something else?
Thanks :)

Issue History

Date Modified | Username | Field | Change
2022-09-22 06:41 | Processus Thief | New Issue |
2022-09-30 13:55 | g0tmi1k | Status | new => acknowledged
2022-09-30 13:55 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition
2022-09-30 13:55 | g0tmi1k | Summary | Add HEKATOMB tool to Kali Linux => HEKATOMB - helps with post-exploitation on Active-Directory environment.
2022-09-30 13:56 | g0tmi1k | Note Added: 0016862 |
2022-10-04 12:23 | Processus Thief | Note Added: 0016911 |
2022-12-08 11:28 | Processus Thief | Note Added: 0017226 |