{"id":17994921,"url":"https://github.com/p0dalirius/ldapmonitor","last_synced_at":"2025-04-12T15:36:37.257Z","repository":{"id":37943269,"uuid":"418137974","full_name":"p0dalirius/LDAPmonitor","owner":"p0dalirius","description":"Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! ","archived":false,"fork":false,"pushed_at":"2024-06-18T11:33:55.000Z","size":4811,"stargazers_count":862,"open_issues_count":4,"forks_count":71,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-04-03T15:09:26.597Z","etag":null,"topics":["active-directory","csharp","ldap","monitor","pentest","powershell","python","tool"],"latest_commit_sha":null,"homepage":"https://podalirius.net/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p0dalirius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"p0dalirius","patreon":"Podalirius"}},"created_at":"2021-10-17T13:19:57.000Z","updated_at":"2025-04-03T00:43:07.000Z","dependencies_parsed_at":"2023-11-28T14:30:07.684Z","dependency_job_id":"67ed2a42-da11-4d13-9bfa-79f8669ab815","html_url":"https://github.com/p0dalirius/LDAPmonitor","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FLDAPmonitor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FLDAPmonitor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FLDAPmonitor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FLDAPmonitor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p0dalirius","download_url":"https://codeload.github.com/p0dalirius/LDAPmonitor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248590380,"owners_count":21129802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","csharp","ldap","monitor","pentest","powershell","python","tool"],"created_at":"2024-10-29T20:17:11.987Z","updated_at":"2025-04-12T15:36:37.230Z","avatar_url":"https://github.com/p0dalirius.png","language":"C#","readme":"![](./.github/banner.png)\n\n\u003cp align=\"center\"\u003e\n    Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!\n    \u003cbr\u003e\n    \u003cimg alt=\"GitHub downloads\" src=\"https://img.shields.io/github/downloads/p0dalirius/LDAPmonitor/total\"\u003e\n    \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/p0dalirius/LDAPmonitor\"\u003e\n    \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n    \u003cbr\u003e\n\u003c/p\u003e\n\nWith this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.\n\n![](./python/imgs/example.png)\n\n## Features\n\n| Feature | [Python (.py)](./python/) | [CSharp (.exe)](./csharp/) | [Powershell (.ps1)](./powershell/) |\n|---------|--------|--------|------------|\n| LDAPS support                                    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Random delay in seconds between queries          | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Custom delay in seconds between queries          | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Save output to logfile                           | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Colored or not colored output with `--no-colors` | :heavy_check_mark: | :x:                | :x:                |\n| Custom page size for paged queries               | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Authenticate with user and password              | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Authenticate as current shell user               | :x:                | :heavy_check_mark: | :heavy_check_mark: |\n| Authenticate with LM:NT hashes                   | :heavy_check_mark: | :x:                | :x:                |\n| Authenticate with kerberos tickets               | :heavy_check_mark: | :x:                | :x:                |\n| Option to ignore user logon events               | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Custom search base                               | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n| Iterate over all naming contexts                 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |\n\n## Typical use cases\n\nHere is a few use cases where this tool can be useful:\n\n - Detect account lockout in real time\n   ![](./.github/lockout.png)\n\n - Check if your privilege escalation worked (with ntlmrelay's `--escalate-user` option)\n   ![](./.github/)\n\n - Detect when users are login in to know when to start a network poisoning.\n   ![](./.github/user_login.png)\n \n## Cross platform !\n\n### [In Python (.py)](./python/)\n\n![](./python/imgs/example.png)\n\n### [In CSharp (.exe)](./csharp/)\n\n![](./csharp/imgs/example.png)\n\n### [In Powershell (.ps1)](./powershell/)\n\n![](./powershell/imgs/example.png)\n\n## Demonstration\n\nhttps://user-images.githubusercontent.com/79218792/136900209-d2156d4c-d83d-4227-b51e-999ec99b2314.mp4\n\n## Limitations\n\nLDAP paged queries returns **pageSize** results per page, and it takes approximately 1 second to query a page. Therefore your monitoring refresh rate is **(number of LDAP objects // pageSize)** seconds. On most domain controllers **pageSize = 5000**.\n\n\n## Contributing\n\nPull requests are welcome. Feel free to open an issue if you want to add other features.\n","funding_links":["https://github.com/sponsors/p0dalirius","https://patreon.com/Podalirius"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Fldapmonitor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp0dalirius%2Fldapmonitor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Fldapmonitor/lists"}