{"id":28778348,"url":"https://github.com/themanticoreproject/findoldsidtraces","last_synced_at":"2025-07-03T13:35:34.553Z","repository":{"id":299608455,"uuid":"999548232","full_name":"TheManticoreProject/FindOldSIDTraces","owner":"TheManticoreProject","description":"A cross-platform tool to find traces of old SIDs remaining in LDAP objects of the Active Directory","archived":false,"fork":false,"pushed_at":"2025-06-29T13:59:01.000Z","size":757,"stargazers_count":16,"open_issues_count":1,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-29T14:37:46.477Z","etag":null,"topics":["audit","cleaning","sid","traces"],"latest_commit_sha":null,"homepage":"https://themanticoreproject.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TheManticoreProject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"TheManticoreProject"}},"created_at":"2025-06-10T12:21:53.000Z","updated_at":"2025-06-29T13:59:05.000Z","dependencies_parsed_at":"2025-06-17T12:20:07.630Z","dependency_job_id":null,"html_url":"https://github.com/TheManticoreProject/FindOldSIDTraces","commit_stats":null,"previous_names":["themanticoreproject/findoldsidtraces"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/TheManticoreProject/FindOldSIDTraces","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheManticoreProject%2FFindOldSIDTraces","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheManticoreProject%2FFindOldSIDTraces/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheManticoreProject%2FFindOldSIDTraces/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheManticoreProject%2FFindOldSIDTraces/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TheManticoreProject","download_url":"https://codeload.github.com/TheManticoreProject/FindOldSIDTraces/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheManticoreProject%2FFindOldSIDTraces/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263335813,"owners_count":23450934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cleaning","sid","traces"],"created_at":"2025-06-17T16:06:38.445Z","updated_at":"2025-07-03T13:35:34.545Z","avatar_url":"https://github.com/TheManticoreProject.png","language":"Go","funding_links":["https://github.com/sponsors/TheManticoreProject"],"categories":[],"sub_categories":[],"readme":"![](./.github/banner.png)\n\n\u003cp align=\"center\"\u003e\n    A cross-platform tool to find traces of old SIDs remaining in LDAP objects of the Active Directory.\n    \u003cbr\u003e\n    \u003ca href=\"https://github.com/TheManticoreProject/FindOldSIDTraces/actions/workflows/release.yaml\" title=\"Build\"\u003e\u003cimg alt=\"Build and Release\" src=\"https://github.com/TheManticoreProject/FindOldSIDTraces/actions/workflows/release.yaml/badge.svg\"\u003e\u003c/a\u003e\n    \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/TheManticoreProject/FindOldSIDTraces\"\u003e\n    \u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/TheManticoreProject/FindOldSIDTraces\"\u003e \n    \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n    \u003cbr\u003e\n\u003c/p\u003e\n\n\n## Features\n\n - [x] Only requires a **low privileges domain user account**\n - [x] Searches for old SIDs in `nTSecurityDescriptor` and `msDS-AllowedToActOnBehalfOfOtherIdentity` attributes\n - [x] Validates SIDs against a comprehensive map of well-known SIDs and SIDs from the domain\n - [x] Supports both LDAP and LDAPS connections\n\n## Demonstration\n\nIn order to find the old SIDs that might remain in the security descriptors and structures of the objects in the domain, you can use the following command:\n\n```bash\n./FindOldSIDTraces --dc-ip \"\u003cdomain_controller_ip\u003e\" --domain \"\u003cdomain\u003e\" --username \"\u003cusername\u003e\" --password \"\u003cpassword\u003e\" \n```\n\nYou will get the following output:\n\n![](./.github/example.png)\n\n## Usage\n\n```              \n$ ./FindOldSIDTraces -h\nFindOldSIDTraces - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.0.0\n\nUsage: FindOldSIDTraces --domain \u003cstring\u003e --username \u003cstring\u003e [--password \u003cstring\u003e] [--hashes \u003cstring\u003e] [--quiet] [--debug] [--no-colors] [--attribute \u003cstring\u003e] [--output-file \u003cstring\u003e] --dc-ip \u003cstring\u003e [--ldap-port \u003ctcp port\u003e] [--use-ldaps]\n\n  Authentication:\n    -d, --domain \u003cstring\u003e   Active Directory domain to authenticate to.\n    -u, --username \u003cstring\u003e User to authenticate as.\n    -p, --password \u003cstring\u003e Password to authenticate with. (default: \"\")\n    -H, --hashes \u003cstring\u003e   NT/LM hashes, format is LMhash:NThash. (default: \"\")\n\n  Configuration:\n    -q, --quiet                Show no information at all. (default: false)\n    --debug                    Debug mode. (default: false)\n    -nc, --no-colors           No colors mode. (default: false)\n    -a, --attribute \u003cstring\u003e   Output attribute. (default: \"distinguishedName\")\n    -o, --output-file \u003cstring\u003e Output file to write results to. (default: \"\")\n\n  LDAP Connection Settings:\n    -dc, --dc-ip \u003cstring\u003e       IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter.\n    -lp, --ldap-port \u003ctcp port\u003e Port number to connect to LDAP server. (default: 389)\n    -L, --use-ldaps             Use LDAPS instead of LDAP. (default: false)\n```\n\n## Contributing\n\nPull requests are welcome. Feel free to open an issue if you want to add other features.\n\n## Credits\n  - [Remi GASCOU (Podalirius)](https://github.com/p0dalirius) for the creation of the [FindOldSIDTraces](https://github.com/TheManticoreProject/FindOldSIDTraces).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthemanticoreproject%2Ffindoldsidtraces","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthemanticoreproject%2Ffindoldsidtraces","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthemanticoreproject%2Ffindoldsidtraces/lists"}