Skip to main content
Vol. I · No. 1

The Identity at the Core

The Definitive Chronicle of Identity & Access Management

Breach: BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpointVulnerability: CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediatelyBreach: BREACH: European fintech platform leaks OAuth tokens affecting 890K usersAdvisory: ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO productsBreach: BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpointVulnerability: CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediatelyBreach: BREACH: European fintech platform leaks OAuth tokens affecting 890K usersAdvisory: ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO products

BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpoint

CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediately

BREACH: European fintech platform leaks OAuth tokens affecting 890K users

IAM Toolkit

Battle-tested scripts, analyzers, and utilities built by Paulo for identity professionals

15
Tools Available
4,200+
Downloads
$2,840
Donations Received

♥ Support Identity at the Core

These tools are free to download. If they save you time, consider supporting the project so I can keep building and sharing.

Filter:
Featured Tool
PowerShellNew v2.1

AD Service Account Auditor

Comprehensive Active Directory service account discovery, classification, and hygiene reporting. Scans your entire AD forest, identifies stale/orphaned service accounts, maps dependencies, and generates actionable cleanup reports with risk scoring.

1,247 downloads4.9/5 ratingv2.1 · Updated Apr 2026
Download (Donate $10+)Download
# AD Service Account Auditor v2.1
# Identity at the Core Toolkit

Import-Module ActiveDirectory

function Get-StaleServiceAccounts {
  param(
    [int]$DaysInactive = 90,
    [string]$SearchBase,
    [switch]$IncludeDisabled
  )

  $cutoff = (Get-Date).AddDays(-$DaysInactive)

  # Discover all service accounts
  $svcAccounts = Get-ADUser -Filter {
    ServicePrincipalName -ne "$null"
  } -Properties LastLogonDate,
    PasswordLastSet, SPNs, Description

  # Risk scoring algorithm
  $svcAccounts | ForEach-Object {
    $risk = Calculate-RiskScore $_
    $_ | Add-Member RiskScore $risk
  }
}
Python

SCIM Endpoint Tester

Automated SCIM 2.0 compliance testing against any identity provider endpoint. Tests CRUD operations, filtering, pagination, and error handling.

623v1.3
Download
PowerShell

Entra ID Conditional Access Analyzer

Exports all Conditional Access policies, detects gaps, identifies conflicting rules, and generates a coverage matrix report.

891v2.0
Download
PythonNew

OAuth Token Inspector

Decode, validate, and analyze JWT/OAuth tokens. Checks signature, expiration, claims, and identifies misconfigurations in token issuance.

312v1.0
Download
Bash

SAML Assertion Debugger

Parse, decode, and validate SAML assertions and responses. Highlights common misconfigurations in NameID, AudienceRestriction, and signature validation.

445v1.5
Download
PowerShell

Group Policy Access Reporter

Maps AD group memberships to application access, generating a complete "who has access to what" report with nested group resolution.

534v1.8
Download
Python

Certificate Expiry Monitor

Scans your infrastructure for SSL/TLS and authentication certificates approaching expiry. Supports LDAPS, SAML signing certs, and mTLS endpoints.

278v1.2
Download

Need a Specific Tool?

Suggest a tool and if enough people request it, I'll build it