{"id":13845437,"url":"https://github.com/SecuProject/ADenum","last_synced_at":"2025-07-12T02:31:18.201Z","repository":{"id":44556500,"uuid":"299041732","full_name":"SecuProject/ADenum","owner":"SecuProject","description":"AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.","archived":false,"fork":false,"pushed_at":"2023-07-04T09:00:17.000Z","size":166,"stargazers_count":275,"open_issues_count":5,"forks_count":55,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-06-06T20:05:22.096Z","etag":null,"topics":["enumeration","kerberos","ldap","pentesting","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecuProject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-09-27T13:47:04.000Z","updated_at":"2024-05-26T16:14:38.000Z","dependencies_parsed_at":"2022-08-02T20:15:19.166Z","dependency_job_id":"b8020d6a-4feb-4410-a878-f2de6c601694","html_url":"https://github.com/SecuProject/ADenum","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecuProject%2FADenum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecuProject%2FADenum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecuProject%2FADenum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecuProject%2FADenum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecuProject","download_url":"https://codeload.github.com/SecuProject/ADenum/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213940211,"owners_count":15660314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enumeration","kerberos","ldap","pentesting","python"],"created_at":"2024-08-04T17:03:24.369Z","updated_at":"2024-08-04T17:15:23.135Z","avatar_url":"https://github.com/SecuProject.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Active directory enumeration - `ADEnum.py`\n\n**ADEnum.py** is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos.\n\n```text\n\n   █████╗ ██████╗     ███████╗███╗   ██╗██╗   ██╗███╗   ███╗\n  ██╔══██╗██╔══██╗    ██╔════╝████╗  ██║██║   ██║████╗ ████║\n  ███████║██║  ██║    █████╗  ██╔██╗ ██║██║   ██║██╔████╔██║\n  ██╔══██║██║  ██║    ██╔══╝  ██║╚██╗██║██║   ██║██║╚██╔╝██║\n  ██║  ██║██████╔╝    ███████╗██║ ╚████║╚██████╔╝██║ ╚═╝ ██║\n  ╚═╝  ╚═╝╚═════╝     ╚══════╝╚═╝  ╚═══╝ ╚═════╝ ╚═╝     ╚═╝\n\n\nusage: ADenum.py -d [domain] -u [username] -p [password]\n\nPentest tool that detect misconfig in AD with LDAP\n\noptions:\n  -h, --help          show this help message and exit\n  -d  [domain]        The name of domain (e.g. \"test.local\")\n  -u  [username]      The user name\n  -p  [password]      The user password\n  -ip [ipAddress]     The IP address of the server (e.g. \"1.1.1.1\")\n  -j                  Enable hash cracking (john)\n  -jp [path]          John binary path\n  -w  [wordList]      The path of the wordlist to be used john (Default: /usr/share/seclists/Passwords/Leaked-\n                      Databases/rockyou.txt\n  -v, --version       Show program's version number and exit\n  -s                  Use LDAP with SSL\n  -c, --NPUsersCheck  Check with GetNPUsers.py for ASREP Roastable\n```\n\n## Requirement\n\n- Impacket (\u003chttps://github.com/SecureAuthCorp/impacket\u003e)\n- John (\u003chttps://github.com/openwall/john\u003e)\n- Python 3\n- If you are using **debian** or **ubuntu**:\n\n\t```bash\n\t$ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev\n\t```\n\n- If you are using  **kali**:\n\n\t```bash\n\t$ sudo apt-get install libsasl2-dev python2-dev libldap2-dev libssl-dev\n\t```\n- pip3:\n\n\t```bash\n\t$ pip3 install -r requirements.txt\n\t```\n\n## Features and Functionality\n\n### LDAP\n\n- Enum Domain Admin users\n- Enum Domain Controllers\n- Enum Domain users with Password Not Expire\n- Enum Domain users with old password\n- Enum Domain users with interesting description\n- Enum Domain users with not the default encryption\n- Enum Domain users with Protecting Privileged Domain Accounts\n- Enum Domain users with not default object Attributes\n\n### Kerberos\n\n- AS-REP Roastable\n- Kerberoastable\n- Password cracking with john  (krb5tgs and krb5asrep)\n\n## Demo\n\n[![asciicast](https://asciinema.org/a/362017.svg)](https://asciinema.org/a/362017?autoplay=1)\n\n## Microsoft Advanced Threat Analytics\n\nATA detects two suspicious events but does **not** trigger an **alert**:\n\n- The connection with the protocol LDAP without SSL\n- The Kerberoastable attack\n\nAs shown in this screenshot:\n\n![image/ATAdetection.png](image/ATAdetection.png)\n\n## Source\n\nDocumentation:\n\n- \u003chttps://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-1/\u003e\n- \u003chttps://theitbros.com/ldap-query-examples-active-directory/\u003e\n- \u003chttps://docs.microsoft.com/en-us/advanced-threat-analytics/what-is-ata\u003e\n\nImpacket:\n\n- \u003chttps://github.com/SecureAuthCorp/impacket/blob/master/examples/GetNPUsers.py\u003e\n- \u003chttps://github.com/SecureAuthCorp/impacket/blob/master/examples/GetUserSPNs.py\u003e\n\n## Legal Disclaimer\n\n```text\nThis project is made for educational and ethical testing purposes only. Usage of this software for attacking targets without prior mutual consent is illegal.\nIt is the end user's responsibility to obey all applicable local, state and federal laws.\nDevelopers assume no liability and are not responsible for any misuse or damage caused by this program.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecuProject%2FADenum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSecuProject%2FADenum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecuProject%2FADenum/lists"}