{"id":25436666,"url":"https://github.com/gunzf0x/logonscriptsscanner","last_synced_at":"2026-04-18T17:31:23.311Z","repository":{"id":276915048,"uuid":"930715516","full_name":"gunzf0x/LogonScriptsScanner","owner":"gunzf0x","description":"Tool designed to detect Logon Scripts that could lead to Lateral Windows Movement","archived":false,"fork":false,"pushed_at":"2025-02-11T05:21:58.000Z","size":262,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-11T06:23:02.734Z","etag":null,"topics":["bash","bash-script","ethical-hacking","ethical-hacking-tools","logon-script","penetration-testing","pentesting","pentesting-tool","pentesting-tools","red-team","windows","windows-lateral-movement"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gunzf0x.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-11T04:54:24.000Z","updated_at":"2025-02-11T05:24:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"a927caa4-9361-451d-9e92-84100a1811a0","html_url":"https://github.com/gunzf0x/LogonScriptsScanner","commit_stats":null,"previous_names":["gunzf0x/logonscriptsscanner"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunzf0x%2FLogonScriptsScanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunzf0x%2FLogonScriptsScanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/gunzf0x%2FLogonScriptsScanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunzf0x%2FLogonScriptsScanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gunzf0x","download_url":"https://codeload.github.com/gunzf0x/LogonScriptsScanner/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254264766,"owners_count":22041794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bash-script","ethical-hacking","ethical-hacking-tools","logon-script","penetration-testing","pentesting","pentesting-tool","pentesting-tools","red-team","windows","windows-lateral-movement"],"created_at":"2025-02-17T08:21:32.224Z","updated_at":"2026-04-18T17:31:23.305Z","avatar_url":"https://github.com/gunzf0x.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LogonScriptsScanner\n\nA simple tool to analyze `NETLOGON` share and check if it can be abused to move laterally on Windows machines.\n\n---\n\n## Pre-requisites\n1. We need a valid user of an Active Directory domain and its credentials (password in plain text).\n2. 
This tool needs 4 other tools to work:\n\n- `bloodyAD`\n- `rpcclient`\n- `smbcacls`\n- `smbclient`\n\nTo install `bloodyAD` just execute in a terminal:\n\n```shell-session\n❯ sudo apt update -y\n❯ sudo apt-get install libkrb5-dev -y\n❯ pip3 install bloodyAD\n```\nor, at your own risk,\n```shell-session\n❯ pip3 install bloodyAD --break-system-packages\n```\n\nTo install `rpcclient`, `smbcacls` and `smbclient` execute in a terminal:\n```shell-session\nsudo apt update -y \u0026\u0026 sudo apt install smbclient -y\n```\n\n## Usage\nUse the credentials of a valid user in the domain to extract info about potential Logon Scripts that could lead to lateral movement:\n```shell-session\n❯ ./LogonScriptScanner.sh \u003cUSER\u003e \u003cPASSWORD\u003e \u003cDOMAIN\u003e \u003cIP\u003e\n```\n\nFor example:\n```shell-session\n❯ ./LogonScriptScanner.sh julio 'SecurePassJul!08' inlanefreight.local 10.129.71.7\n```\n\n![Example 1](images/LogonScriptsScanner_1.png)\n\n![Example 2](images/LogonScriptsScanner_2.png)\n\n\n---\n\n## Disclaimer\nUse this tool for ethical purposes only (:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunzf0x%2Flogonscriptsscanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgunzf0x%2Flogonscriptsscanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunzf0x%2Flogonscriptsscanner/lists"}