{"id":26119272,"url":"https://github.com/redteampentesting/adauth","last_synced_at":"2025-04-13T10:34:21.351Z","repository":{"id":278411139,"uuid":"935376769","full_name":"RedTeamPentesting/adauth","owner":"RedTeamPentesting","description":"Active Directory Authentication Library","archived":false,"fork":false,"pushed_at":"2025-04-11T14:43:38.000Z","size":87,"stargazers_count":60,"open_issues_count":0,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-04-11T14:49:09.661Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedTeamPentesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-19T10:49:51.000Z","updated_at":"2025-04-11T14:37:42.000Z","dependencies_parsed_at":"2025-04-11T14:32:01.960Z","dependency_job_id":"ea54358b-4298-4fc2-9ce1-edb4616a8a7f","html_url":"https://github.com/RedTeamPentesting/adauth","commit_stats":null,"previous_names":["redteampentesting/adauth"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fadauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fadauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fadauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fadauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedTeamPentesting","download_url":"https://codeload.github.com/RedTeamPentesting/adauth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248698953,"owners_count":21147563,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-10T12:25:52.306Z","updated_at":"2025-04-13T10:34:21.339Z","avatar_url":"https://github.com/RedTeamPentesting.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003e\u003cb\u003eadauth\u003c/b\u003e\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\u003ci\u003eActive Directory Authentication Library\u003c/i\u003e\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/RedTeamPentesting/adauth/releases/latest\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/RedTeamPentesting/adauth.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://pkg.go.dev/github.com/RedTeamPentesting/adauth\"\u003e\u003cimg alt=\"Go Doc\" src=\"https://img.shields.io/badge/godoc-reference-blue.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/RedTeamPentesting/adauth/actions?workflow=Check\"\u003e\u003cimg alt=\"GitHub Action: Check\" src=\"https://img.shields.io/github/actions/workflow/status/RedTeamPentesting/adauth/check.yml?branch=main\u0026style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-MIT-brightgreen.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/RedTeamPentesting/adauth\"\u003e\u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/RedTeamPentesting/adauth?style=for-the-badge\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n\n**Warning: The API of this library is not yet stable. Expect breaking changes.**\n\n`adauth` is a Go library for active directory authentication. It can be used to\nquickly set up authentication options:\n\n```go\nvar (\n    ctx = context.Background()\n    authOpts = \u0026adauth.Options{}\n)\n\nauthOpts.RegisterFlags(pflag.CommandLine)\npflag.Parse()\n//     --aes-key hex key       Kerberos AES hex key\n//     --ccache file           Kerberos CCache file name (defaults to $KRB5CCNAME, currently unset)\n//     --dc string             Domain controller\n// -k, --kerberos              Use Kerberos authentication\n// -H, --nt-hash hash          NT hash ('NT', ':NT' or 'LM:NT')\n// -p, --password string       Password\n//     --pfx file              Client certificate and private key as PFX file\n//     --pfx-password string   Password for PFX file\n// -u, --user user@domain      Username ('user@domain', 'domain\\user', 'domain/user' or 'user')\n\n// Credentials for an arbitrary target:\ncreds, target, err := authOpts.WithTarget(ctx, \"smb\", pflag.Arg(0))\nif err != nil { /* error handling */ }\n\n\n// Only credentials are needed, no specific target:\ncreds, err := authOpts.NoTarget()\nif err != nil { /* error handling */ }\n\n// Credentials to authenticate to the corresponding DC:\ncreds, dc, err := authOpts.WithDCTarget(ctx, \"ldap\")\nif err != nil { /* error handling */ }\n```\n\nIt deduces as much information from the parameters as possible. For example,\nKerberos authentication is possible even when specifying the target via IP\naddress if reverse lookups are possible. Similarly, the domain can be omitted\nwhen the target hostname contains the domain.\n\nThe library also contains helper packages for LDAP, SMB and DCERPC, a Kerebros\nPKINIT implementation as well as helpers for creating and writing CCache files\n(see examples).\n\n## Features\n\n* Kerberos\n  * PKINIT\n  * UnPAC-the-Hash\n  * Pass-the-Hash (RC4/NT or AES key)\n  * CCache (containing TGT or ST)\n* NTLM\n  * Pass-the-Hash\n* LDAP\n  * Kerberos, NTLM, Simple Bind\n  * mTLS Authentication / Pass-the-Certificate (LDAPS or LDAP+StartTLS)\n  * Channel Binding (Kerberos and NTLM)\n* SMB\n  * Kerberos, NTLM\n  * Signing and Sealing\n* DCERPC:\n  * Kerberos, NTLM\n  * Raw endpoits (with port mapping)\n  * Named pipes (SMB)\n  * Signing and Sealing\n\n## Caveats\n\n**LDAP:**\n\nThe LDAP helper package does not support authentication using RC4 service\ntickets from `ccache`, since Windows returns unsupported GSSAPI wrap tokens\nduring the SASL handshake when presented with an RC4 service ticket (see\n[github.com/jcmturner/gokrb5/pull/498](https://github.com/jcmturner/gokrb5/pull/498)).\n\nHowever, it should still be possible to request an AES256 service ticket\ninstead, even when an NT hash was used for pre-authentication . Unfortunately,\n[impacket](https://github.com/fortra/impacket) always requests RC4 tickets. This\nbehavior can be changed by adding\n`int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),` as the first\nelement of [this\nlist](https://github.com/fortra/impacket/blob/af91d617c382e1eb132506159debcbc10da7a567/impacket/krb5/kerberosv5.py#L447-L450).\n\nThe LDAP library does not (yet) support LDAP signing, but it supports channel\nbinding for LDAPS and LDAP+StartTLS which is typically sufficient as a\nworkaround unless the server lacks a TLS certificate.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fadauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredteampentesting%2Fadauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fadauth/lists"}