{"id":13845203,"url":"https://github.com/skelsec/msldap","last_synced_at":"2025-10-22T06:27:32.526Z","repository":{"id":33068413,"uuid":"139137682","full_name":"skelsec/msldap","owner":"skelsec","description":"LDAP library for auditing MS AD","archived":false,"fork":false,"pushed_at":"2025-05-25T21:37:54.000Z","size":658,"stargazers_count":457,"open_issues_count":11,"forks_count":77,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-09-18T14:41:49.109Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skelsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-06-29T10:44:00.000Z","updated_at":"2025-08-22T14:13:52.000Z","dependencies_parsed_at":"2024-08-29T07:52:30.615Z","dependency_job_id":"e6b4fa25-6c9e-4d59-9254-1d3f0410d940","html_url":"https://github.com/skelsec/msldap","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/skelsec/msldap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelsec%2Fmsldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelsec%2Fmsldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelsec%2Fmsldap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelsec%2Fmsldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skelsec","download_url":"https://codeload.github.com/skelsec/msldap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelsec%2Fmsldap/sbom","scorecard":{"id":829355,"data":{"date":"2025-08-11","repo":{"name":"github.com/skelsec/msldap","commit":"84cbdad5ea190b4fbc263883cafb65f63742563f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Code-Review","score":3,"reason":"Found 8/22 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/python-windows-exe.yml:17","Warn: no topLevel permission defined: .github/workflows/python-windows-exe.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-windows-exe.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/skelsec/msldap/python-windows-exe.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-windows-exe.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/skelsec/msldap/python-windows-exe.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-windows-exe.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/skelsec/msldap/python-windows-exe.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-windows-exe.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/skelsec/msldap/python-windows-exe.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-windows-exe.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/skelsec/msldap/python-windows-exe.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'","Warn: branch protection not enabled for branch '0.3.38'","Warn: branch protection not enabled for branch '0.3.29'","Warn: branch protection not enabled for branch '0.3.28'","Warn: branch protection not enabled for branch '0.3.27'","Warn: branch protection not enabled for branch '0.3.26'","Warn: branch protection not enabled for branch '0.3.22'","Warn: branch protection not enabled for branch '0.3.20'","Warn: branch protection not enabled for branch 'newversion'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-23T17:19:15.745Z","repository_id":33068413,"created_at":"2025-08-23T17:19:15.745Z","updated_at":"2025-08-23T17:19:15.745Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279572307,"owners_count":26193206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-18T02:00:06.492Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:03:16.092Z","updated_at":"2025-10-22T06:27:32.491Z","avatar_url":"https://github.com/skelsec.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg) [![Documentation Status](https://readthedocs.org/projects/msldap/badge/?version=latest)](https://msldap.readthedocs.io/en/latest/?badge=latest) [![Twitter](https://img.shields.io/twitter/follow/skelsec?label=skelsec\u0026style=social)](https://twitter.com/intent/follow?screen_name=skelsec)\n\n## :triangular_flag_on_post: Sponsors\n\nIf you like this project, consider purchasing licenses of [OctoPwn](https://octopwn.com/), our full pentesting suite that runs in your browser!  \nFor notifications on new builds/releases and other info, hop on to our [Discord](https://discord.gg/PM8utcNxMS)\n\n# msldap\nLDAP library for MS AD\n![Documentation Status](https://user-images.githubusercontent.com/19204702/81515211-3761e880-9333-11ea-837f-bcbe2a67ee48.gif )\n\n## :triangular_flag_on_post: Runs in the browser\n\nThis project, alongside with many other pentester tools runs in the browser with the power of OctoPwn!  \nCheck out the community version at [OctoPwn - Live](https://live.octopwn.com/)\n\n# Documentation\n[Awesome documentation here!](https://msldap.readthedocs.io/en/latest/)\n\n# Features\n - Comes with a built-in console LDAP client\n - All parameters can be conrolled via a conveinent URL (see below)\n - Supports integrated windows authentication (SSPI) both with NTLM and with KERBEROS\n - Supports channel binding (for ntlm and kerberos not SSPI)\n - Supports encryption (for NTLM/KERBEROS/SSPI)\n - Supports LDAPS (TODO: actually verify certificate)\n - Supports SOCKS5 proxy withot the need of extra proxifyer\n - Minimal footprint\n - A lot of pre-built queries for convenient information polling\n - Easy to integrate to your project\n - No testing suite\n\n# Installation\nVia GIT  \n`python3 setup.py install`  \nOR  \n`pip install msldap`\n\n# Prerequisites\n - `asn1crypto` module. Some LDAP queries incorporate ASN1 strucutres to be sent on top of the ASN1 transport XD\n - `asysocks` module. To support socks proxying.\n - `aiocmd` For the interactive client\n - `asciitree` For plotting nice trees in the interactive client\n \n# Usage\nPlease note that this is a library, and was not intended to be used as a command line program.  \nWhit this noted, the projects packs a fully functional LDAP interactive client. When installing the `msldap` module with `setup.py install` a new binary will appear called `msldap` (shocking naming conventions)  \n\n# LDAP connection URL\nThe major change was needed in version 0.2.0 to unify different connection options as one single string, without the need for additional command line switches.  \nThe new connection string is composed in the following manner:  \n`\u003cprotocol\u003e+\u003cauth_method\u003e://\u003cdomain\u003e\\\u003cusername\u003e:\u003cpassword\u003e@\u003cip\u003e:\u003cport\u003e/?\u003cparam\u003e=\u003cvalue\u003e\u0026\u003cparam\u003e=\u003cvalue\u003e\u0026...`  \nDetailed explanation with examples:  \n```\t\n\u003cprotocol\u003e+\u003cauth\u003e://\u003cusername\u003e:\u003cpassword\u003e@\u003cip_or_host\u003e:\u003cport\u003e/\u003ctree\u003e/?\u003cparam\u003e=\u003cvalue\u003e\n\n\n\t\u003cprotocol\u003e sets the ldap protocol following values supported:\n\t\t- ldap\n\t\t- ldaps\n\t\t- gc\n\t\t- gc_ssl\n\t\t\n\t\u003cauth\u003e can be omitted if plaintext authentication is to be performed (in that case it default to ntlm-password), otherwise:\n\t\t- ntlm-password\n\t\t- ntlm-nt\n\t\t- kerberos-password (dc option param must be used)\n\t\t- kerberos-rc4 / kerberos-nt (dc option param must be used)\n\t\t- kerberos-aes (dc option param must be used)\n\t\t- kerberos-keytab (dc option param must be used)\n\t\t- kerberos-ccache (dc option param must be used)\n\t\t- kerberos-pfx (dc option param must be used)\n\t\t- kerberos-pem (dc option param must be used)\n\t\t- kerberos-certstore (dc option param must be used, windows only)\n\t\t- sspi-ntlm (windows only!)\n\t\t- sspi-kerberos (windows only!)\n\t\t- anonymous\n\t\t- plain\n\t\t- simple\n\t\t- sicily (same format as ntlm-nt but using the SICILY authentication)\n\t\t\n\t\u003ctree\u003e:\n\t\tOPTIONAL. Specifies the root tree of all queries\n\t\t\n\t\u003cparam\u003e can be:\n\t\t- timeout : connction timeout in seconds\n\t\t- proxytype: currently only socks5 proxy is supported\n\t\t- proxyhost: Ip or hostname of the proxy server\n\t\t- proxyport: port of the proxy server\n\t\t- proxytimeout: timeout ins ecodns for the proxy connection\n\t\t- dc: the IP address of the domain controller, MUST be used for kerberos authentication\n\n\tExamples:\n\tldap://10.10.10.2 (anonymous bind)\n\tldaps://test.corp (anonymous bind)\n\tldap+sspi-ntlm://test.corp\n\tldap+sspi-kerberos://test.corp\n\tldap://TEST\\\\victim:\u003cpassword\u003e@10.10.10.2 (defaults to SASL GSSAPI NTLM)\n\tldap+simple://TEST\\\\victim:\u003cpassword\u003e@10.10.10.2 (SASL SIMPLE auth)\n\tldap+plain://TEST\\\\victim:\u003cpassword\u003e@10.10.10.2 (SASL SIMPLE auth)\n\tldap+ntlm-password://TEST\\\\victim:\u003cpassword\u003e@10.10.10.2\n\tldap+ntlm-nt://TEST\\\\victim:\u003cnthash\u003e@10.10.10.2\n\tldap+kerberos-password://TEST\\\\victim:\u003cpassword\u003e@\u003chostname\u003e/?dc=10.10.10.2\n\tldap+kerberos-rc4://TEST\\\\victim:\u003crc4key\u003e@\u003chostname\u003e/?dc=10.10.10.2\n\tldap+kerberos-aes://TEST\\\\victim:\u003caes\u003e@\u003chostname\u003e/?dc=10.10.10.2\n\tldap://TEST\\\\victim:password@10.10.10.2/DC=test,DC=corp/\n\tldap://TEST\\\\victim:password@10.10.10.2/DC=test,DC=corp/?timeout=99\u0026proxytype=socks5\u0026proxyhost=127.0.0.1\u0026proxyport=1080\u0026proxytimeout=44\n```\n\n# Kudos\nCertificate services functionality was based on [certi](https://github.com/zer1t0/certi) created by @zer1t0\nAC-RN\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskelsec%2Fmsldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskelsec%2Fmsldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskelsec%2Fmsldap/lists"}