{"id":13845688,"url":"https://github.com/the-useless-one/pywerview","last_synced_at":"2026-03-10T12:31:10.259Z","repository":{"id":9601884,"uuid":"62722796","full_name":"the-useless-one/pywerview","owner":"the-useless-one","description":"A (partial) Python rewriting of PowerSploit's PowerView","archived":false,"fork":false,"pushed_at":"2026-03-02T14:15:34.000Z","size":611,"stargazers_count":1100,"open_issues_count":0,"forks_count":126,"subscribers_count":17,"default_branch":"master","last_synced_at":"2026-03-02T17:47:59.562Z","etag":null,"topics":["active-directory","linux","pentest","python","reconnaissance"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/the-useless-one.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-07-06T13:25:09.000Z","updated_at":"2026-03-01T18:21:10.000Z","dependencies_parsed_at":"2023-02-14T18:31:44.575Z","dependency_job_id":"803fd934-6b61-4d6c-a957-39d3b76afa62","html_url":"https://github.com/the-useless-one/pywerview","commit_stats":{"total_commits":376,"total_committers":12,"mean_commits":"31.333333333333332","dds":0.6037234042553192,"last_synced_commit":"745564a3fb5ae97a8336720a3133207305aac358"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/the-useless-one/pywerview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-useless-one%2Fpywerview","tags_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-useless-one%2Fpywerview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-useless-one%2Fpywerview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-useless-one%2Fpywerview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/the-useless-one","download_url":"https://codeload.github.com/the-useless-one/pywerview/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-useless-one%2Fpywerview/sbom","scorecard":{"id":877306,"data":{"date":"2025-08-11","repo":{"name":"github.com/the-useless-one/pywerview","commit":"ea27159d2e97af11bb155d1d7a5074fdb3317ba3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no 
GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses 
fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:jammy to ubuntu:jammy@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: pipCommand not pinned by hash: Dockerfile:8","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection 
not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T06:32:36.813Z","repository_id":9601884,"created_at":"2025-08-24T06:32:36.814Z","updated_at":"2025-08-24T06:32:36.814Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30333431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T05:25:20.737Z","status":"ssl_error","status_checked_at":"2026-03-10T05:25:17.430Z","response_time":106,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","linux","pentest","python","reconnaissance"],"created_at":"2024-08-04T17:03:33.159Z","updated_at":"2026-03-10T12:31:09.884Z","avatar_url":"https://github.com/the-useless-one.png","language":"Python","readme":"# PywerView\n      ____                        __     ___\n     |  _ \\ _   ___      _____ _ _\\ \\   
/ (_) _____      __\n     | |_) | | | \\ \\ /\\ / / _ \\ '__\\ \\ / /| |/ _ \\ \\ /\\ / /\n     |  __/| |_| |\\ V  V /  __/ |   \\ V / | |  __/\\ V  V /\n     |_|    \\__, | \\_/\\_/ \\___|_|    \\_/  |_|\\___| \\_/\\_/\n            |___/\n\nA (partial) Python rewriting of [PowerSploit](https://github.com/PowerShellMafia/PowerSploit)'s\n[PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon).\n\nFork me on [GitHub](https://github.com/the-useless-one/pywerview).\n\n[![License](https://img.shields.io/github/license/the-useless-one/pywerview)](https://github.com/the-useless-one/pywerview/blob/master/LICENSE)\n![Python versions](https://img.shields.io/pypi/pyversions/pywerview)\n[![GitHub release](https://img.shields.io/github/v/release/the-useless-one/pywerview)](https://github.com/the-useless-one/pywerview/releases/latest)\n[![PyPI version](https://img.shields.io/pypi/v/pywerview)](https://pypi.org/project/pywerview/)\n\n## HISTORY\n\nAs a pentester, I love using PowerView during my assignments. It makes it so\neasy to find vulnerable machines, or list what domain users were added to the\nlocal Administrators group of a machine, and much more.\n\nHowever, running PowerView on a computer which is not connected to the domain\nis a pain: I always find myself using [mimikatz](https://github.com/gentilkiwi/mimikatz/)'s\n`sekurlsa::pth` to run a Powershell prompt with stolen domain credentials, and\nthat's not easy to script. Plus, I'm a Linux guy and I've always found it a\nshame that there were no complete Windows/Active Directory enumeration tool on\nLinux.\n\nThat's why I decided to rewrite some of PowerView's functionalities in Python,\nusing the wonderful [impacket](https://github.com/SecureAuthCorp/impacket)\nlibrary.\n\n*Update:* I haven't tested the last version of PowerView yet, which can run\nfrom a machine not connected to a domain. I don't know if it works correctly\nunder Linux using Powershell. 
If anyone has had any experience with this at all,\nyou can contact me, I'm really interested. We'll see if pywerview has become\nobsolete ;) but I think I'll continue working on it either way: I'd still\nrather use Python than Powershell on Linux, and I'm learning a lot! Plus, it\nmay be integrated in existing Linux tools written in Python. It's still great news\nthat PowerView now supports machines not connected to the domain!\n\n## DISCLAIMER\n\nThis tool is far from complete (as you'll see in the [TODO](#todo) section)! I\nstill have a lot more awesome PowerView functionalities to implement (the user\nhunting functions, the GPO functions, the local process enumeration, etc.),\nbut I still think it can be useful as is.\n\nIt's also (very) possible that there are (many) bugs in the code: I've only\ntested the simplest test cases. If you use this tool during an assignment and\nyou get an error, please, open an issue with the error and the conditions that\ntriggered this error.\n\nAlso, blah blah blah, don't use it for evil purposes.\n\n## REQUIREMENTS\n\n* Python 3.6\n* `impacket` \u003e= 0.13.0\n* `ldap3-bleeding-edge`\n* `pycryptodomex` (or `pycryptodome`)\n* (if you want the kerberos support) `gssapi` (Which requires `libkrb5-dev`)\n\n## FUNCTIONALITIES\n\nIf you like living on the bleeding edge, check out the\n[development branch](https://github.com/the-useless-one/pywerview/tree/develop).\n\nHere's the list of available commands:\n\n    $ ./pywerview.py --help\n    usage: pywerview.py [-h]\n                        
{get-adobject,get-objectowner,get-netgmsa,get-netsmsa,get-objectacl,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netdomaintrust,get-netgpo,get-netpso,get-domainpolicy,get-gpttmpl,get-netgpogroup,find-gpocomputeradmin,find-gpolocation,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}\n                        ...\n\n    Rewriting of some PowerView's functionalities in Python\n\n    options:\n      -h, --help            show this help message and exit\n\n    Subcommands:\n      Available subcommands\n\n      {get-adobject,get-objectowner,get-netgmsa,get-netsmsa,get-objectacl,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netdomaintrust,get-netgpo,get-netpso,get-domainpolicy,get-gpttmpl,get-netgpogroup,find-gpocomputeradmin,find-gpolocation,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}\n        get-adobject        Takes a domain SID, samAccountName or name, and return the associated object\n        get-objectowner     Takes a domain SID, samAccountName or name, and return the associated object owner\n        get-netgmsa         Returns a list of all the gMSA of the specified domain. 
To retrieve passwords, you need a privileged account and a TLS connection to the LDAP server (use the --tls switch).\n        get-netsmsa         Returns a list of all the sMSA of the specified domain.\n        get-objectacl       Takes a domain SID, samAccountName or name, and return the ACL of the associated object\n        get-netuser         Queries information about a domain user\n        get-netgroup        Get a list of all current domain groups, or a list of groups a domain user is member of\n        get-netcomputer     Queries informations about domain computers\n        get-netdomaincontroller\n                            Get a list of domain controllers for the given domain\n        get-netfileserver   Return a list of file servers, extracted from the domain users' homeDirectory, scriptPath, and profilePath fields\n        get-dfsshare        Return a list of all fault tolerant distributed file systems for a given domain\n        get-netou           Get a list of all current OUs in the domain\n        get-netsite         Get a list of all current sites in the domain\n        get-netsubnet       Get a list of all current subnets in the domain\n        get-netdomaintrust  Returns a list of all the trusts of the specified domain\n        get-netgpo          Get a list of all current GPOs in the domain\n        get-netpso          Get a list of all current PSOs in the domain\n        get-domainpolicy    Returns the default domain or DC policy for the queried domain or DC\n        get-gpttmpl         Helper to parse a GptTmpl.inf policy file path into a custom object\n        get-netgpogroup     Parses all GPOs in the domain that set \"Restricted Group\" or \"Groups.xml\"\n        find-gpocomputeradmin\n                            Takes a computer (or OU) and determine who has administrative access to it via GPO\n        find-gpolocation    Takes a username or a group name and determine the computers it has administrative access to via GPO\n        
get-netgroupmember  Return a list of members of a domain group\n        get-netsession      Queries a host to return a list of active sessions on the host (you can use local credentials instead of domain credentials)\n        get-localdisks      Queries a host to return a list of active disks on the host (you can use local credentials instead of domain credentials)\n        get-netdomain       Queries a host for available domains\n        get-netshare        Queries a host to return a list of available shares on the host (you can use local credentials instead of domain credentials)\n        get-netloggedon     This function will execute the NetWkstaUserEnum RPC call to query a given host for actively logged on users\n        get-netlocalgroup   Gets a list of members of a local group on a machine, or returns every local group. You can use local credentials instead of domain credentials, however, domain credentials are needed\n                            to resolve domain SIDs.\n        invoke-checklocaladminaccess\n                            Checks if the given user has local admin access on the given host\n        get-netprocess      This function will execute the 'Select * from Win32_Process' WMI query to a given host for a list of executed process\n        get-userevent       This function will execute the 'SELECT * from Win32_NTLogEvent' WMI query to a given host for a list of executed process\n        invoke-userhunter   Finds which machines domain users are logged into\n        invoke-processhunter\n                            Searches machines for processes with specific name, or ran by specific users\n        invoke-eventhunter  Searches machines for events with specific name, or ran by specific users\n\nTake a look at the [wiki](https://github.com/the-useless-one/pywerview/wiki) to\nsee a more detailed usage of every command.\n\n*Attention:* in every command, the used domain name must be the post-Win2k UPN,\nand not the Win2k compatible name.\n\nFor 
example, my domain name is `uselessdomain.local`. The Win2K compatible name\nis `USELESSDOMAIN`. In every command, I must use __`uselessdomain.local`__ as\nan argument, and __not__ `USELESSDOMAIN`.\n\n## GLOBAL ARGUMENTS\n\n### Logging\n\nYou can provide a logging level to `pywerview` modules by using `-l` or `--logging-level` options. Supported levels are:\n\n* `CRITICAL`: Only critical errors are displayed **(default)**\n* `WARNING`: Warnings are displayed, along with critical errors\n* `DEBUG`: Debug level (caution: **very** verbose)\n* `ULTRA`: Extreme debugging level (caution: **very very** verbose)\n\n(level names are case insensitive)\n\n### Kerberos authentication\n\n⚠️ If you want the kerberos support, you need to run `pip install pywerview[kerberos]` or `pip install \".[kerberos]\"` ⚠️\n\nKerberos authentication is now (partially) supported, which means you can\npass the ticket and other stuff. To authenticate via Kerberos:\n\n1. Point the `KRB5CCNAME` environment variable to your cache credential file.\n2. Use the `-k` option in your function call, or the `do_kerberos` in your\n   library call.\n\n```console\n$ klist stormtroopers.ccache\nTicket cache: FILE:stormtroopers.ccache\nDefault principal: stormtroopers@CONTOSO.COM\n\nValid starting       Expires              Service principal\n10/03/2022 16:46:45  11/03/2022 02:46:45  ldap/srv-ad.contoso.com@CONTOSO.COM\n\trenew until 11/03/2022 16:43:17\n$ KRB5CCNAME=stormtroopers.ccache python3 pywerview.py get-netcomputer -t srv-ad.contoso.com -u stormtroopers -k \ndnshostname: centos.contoso.com \n\ndnshostname: debian.contoso.com \n\ndnshostname: Windows7.contoso.com \n\ndnshostname: Windows10.contoso.com \n\ndnshostname: SRV-MAIL.contoso.com \n\ndnshostname: SRV-AD.contoso.com \n```\n\nIf your cache credential file contains a corresponding TGS, or a TGT for your\ncalling user, Kerberos authentication will be used.\n\n__SPN patching is partial__. 
Right now, we're in a mixed configuration where we\nuse `ldap3` for LDAP commands and `impacket` for the other protocols (SMB,\nRPC). That is because `impacket`'s LDAP implementation has several problems,\nsuch as mismanagement of non-ASCII characters (which is problematic for us\nbaguette-eaters).\n\n`ldap3` uses `gssapi` to authenticate with Kerberos, and `gssapi` needs the\nfull hostname in the SPN of a ticket, otherwise it throws an error. It would\nbe possible to patch an SPN with an incomplete hostname, however it's not done\nfor now.\n\nFor any functions that only rely on `impacket` (SMB or RPC functions), you can\nuse tickets with SPNs with an incomplete hostname. In the following example, we\nuse an LDAP ticket with an incomplete hostname for an SMB function, without any\ntrouble. You just have to make sure that the `--computername` argument matches\nthis incomplete hostname in the SPN:\n\n```console\n$ klist skywalker.ccache\nTicket cache: FILE:skywalker.ccache\nDefault principal: skywalker@CONTOSO.COM\n\nValid starting       Expires              Service principal\n13/04/2022 14:26:59  14/04/2022 00:26:58  ldap/srv-ad@CONTOSO.COM\n\trenew until 14/04/2022 14:23:29\n$ KRB5CCNAME=skywalker.ccache python3 pywerview.py get-localdisks --computername srv-ad -u skywalker -k  \ndisk: A: \n\ndisk: C: \n\ndisk: D:\n```\n\nTo recap:\n\n|           SPN in the ticket           | Can be used with LDAP functions | Can be used with SMB/RPC functions |\n| :-----------------------------------: | :-----------------------------: | :--------------------------------: |\n| `ldap/srv-ad.contoso.com@CONTOSO.COM` |              ✔️                  |                 ✔️                  |\n| `cifs/srv-ad.contoso.com@CONTOSO.COM` |              ✔️                  |                 ✔️                  |\n|       `ldap/srv-ad@CONTOSO.COM`       |              ❌                 |                 ✔️                  |\n\n*NOTE:* The same limitation exists for TGT in your cache 
credential file: `krbtgt/srv-ad.contoso.com@CONTOSO.COM` will work \nbut not `krbtgt/srv-ad@CONTOSO.COM`.\n\n### LDAP SChannel authentication\n\nSChannel authentication is supported for a subset of the submodules. Functions that support SChannel authentication are:\n\n* get-adobject\n* get-objectowner\n* get-adserviceaccount\n* get-objectacl\n* get-netuser\n* get-netgroup\n* get-netcomputer\n* get-netdomaincontroller\n* get-netfileserver\n* get-netou\n* get-netsite\n* get-netsubnet\n* get-netdomaintrust\n* get-netpso\n* get-netgpo\n* get-netgroupmember\n\nTo authenticate via SChannel:\n\n1. Retrieve the certificate and the key with your favorite tool ([ntlmrelayx.py](https://github.com/fortra/impacket), [certipy](https://github.com/ly4k/Certipy),...)\n2. `pywerview` needs a certificate file and a key file, so you need to extract them from the `.pfx`.\n3. Use `--cert` and  `--key` as in the following example:\n\n```console\n$ python3 pywerview.py get-netuser -w contoso.com --dc-ip 172.16.0.55 --cert stormtroopers.crt --key stormtroopers.key --username administrator --attributes distinguishedname useraccountcontrol --tls\ndistinguishedname:  CN=Administrator,CN=Users,DC=contoso,DC=com\nuseraccountcontrol: NORMAL_ACCOUNT\n\n```\n\nIf you don't specify the `--tls` flag when using certificate authentication, `pywerview` will try to use StartTLS and an `EXTERNAL SASL` bind \nas described in the [Microsoft documentation](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8e73932f-70cf-46d6-88b1-8d9f86235e81)\n\n### TLS connection\n\nYou can force a connection to the LDAPS port by using the `--tls` switch. 
It\ncan be necessary with some functions, for example when retrieving gMSA\npasswords with `get-adserviceaccount`:\n\n```console\n$ python3 pywerview.py get-adserviceaccount -t srv-ad.contoso.com -u 'SRV-MAIL$' --hashes $NT_HASH --resolve-sids\ndistinguishedname:       CN=gMSA-01,CN=Managed Service Accounts,DC=contoso,DC=com\nobjectsid:               S-1-5-21-863927164-4106933278-53377030-3115\nsamaccountname:          gMSA-01$\nmsds-groupmsamembership: CN=SRV-MAIL,CN=Computers,DC=contoso,DC=com\ndescription:\nenabled:                 True\n$ python3 pywerview.py get-adserviceaccount -t srv-ad.contoso.com -u 'SRV-MAIL$' --hashes $NT_HASH --resolve-sids --tls\ndistinguishedname:       CN=gMSA-01,CN=Managed Service Accounts,DC=contoso,DC=com\nobjectsid:               S-1-5-21-863927164-4106933278-53377030-3115\nsamaccountname:          gMSA-01$\nmsds-managedpassword:    69730ce3914ac6[redacted]\nmsds-groupmsamembership: CN=SRV-MAIL,CN=Computers,DC=contoso,DC=com\ndescription:\nenabled:                 True\n```\n\n### JSON output\n\nPywerview can print results in JSON format by using the `--json` switch.\n\n### The case of LDAP Signing and LDAP Channel Binding\n\nTo work against DCs that implement LDAP Signing and/or LDAP Channel Binding, you need to install a forked version \nof the `ldap3` library. You can find this special version [here](https://pypi.org/project/ldap3-bleeding-edge/). \nThis version is `ldap3` version 2.10.1 (which is not on PyPI) + 6 pending PRs. Sources for this package can be found\n[here](https://github.com/ThePirateWhoSmellsOfSunflowers/ldap3). \n\nRun `pip install ldap3-bleeding-edge` within your pywerview virtual env to install this branch. 
You can check if your pywerview \ninstallation uses the fork by enabling debug logging (`-l DEBUG`).\n\npywerview falls back to [simple authentication](https://datatracker.ietf.org/doc/html/rfc2251#autoid-26) if the custom branch is \nnot installed. A simple bind sends the password in cleartext unless the connection\nitself is encrypted, so use the `--tls` switch whenever this fallback applies.\n\n## TODO\n\n* Many, many more PowerView functionalities to implement. I'll now focus on\n  forest functions, then inter-forest trust functions\n* Lots of rewriting due to the last version of PowerView\n* Gracefully fail against Unix machines running Samba\n* Perform range cycling in `get-netgroupmember`\n* Manage requests to the Global Catalog\n* Try to fall back to `tcp/139` for RPC communications if `tcp/445` is closed\n* Comment, document, and clean the code\n\n## THANKS\n\n* Thanks to the [@PowerSploit](https://github.com/PowerShellMafia/PowerSploit/)\n  team for an awesome tool.\n* Thanks to [@SecureAuthCorp](https://github.com/SecureAuthCorp/) for this complete\n  and comprehensive library that is [impacket](https://github.com/SecureAuthCorp/impacket).\n* Special thanks to [@asolino](https://github.com/asolino) for his help on\n  developing using impacket.\n* Thanks to [@byt3bl33d3r](https://github.com/byt3bl33d3r) for his\n  contributions.\n* Thanks to [@ThePirateWhoSmellsOfSunflowers](https://github.com/ThePirateWhoSmellsOfSunflowers)\n  for his debugging, love you baby :heart:\n* Thanks to [@mpgn](https://github.com/mpgn) for his python 3 contributions.\n\n## MISC\n\nSlides: \n* 2024: [\"pywerview: a (partial) Python rewriting of PowerSploit's PowerView\"](https://github.com/ThePirateWhoSmellsOfSunflowers/keuvra/blob/main/slides/pywerview_defcon_paris.pdf) for [DefconParis](https://x.com/DefconParis)\n\n## COPYRIGHT\n\nPywerView - A Python rewriting of PowerSploit's PowerView\n\nYannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2024\n\nThis program is free software: you can redistribute it and/or modify it\nunder the terms of the GNU General Public License as published by the\nFree Software 
Foundation, either version 3 of the License, or (at your\noption) any later version.\n\nThis program is distributed in the hope that it will be useful, but\nWITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General\nPublic License for more details.\n\nYou should have received a copy of the GNU General Public License along\nwith this program. If not, see\n[https://www.gnu.org/licenses/](https://www.gnu.org/licenses/).\n\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-useless-one%2Fpywerview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthe-useless-one%2Fpywerview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-useless-one%2Fpywerview/lists"}