Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/CasperGN/ActiveDirectoryEnumeration
Enumerate AD through LDAP with a collection of helpfull scripts being bundled
https://github.com/CasperGN/ActiveDirectoryEnumeration
active-directory activedirectory bloodhound-json-files bruteforce-enumeration crack enumeration pentesting
Last synced: 22 days ago
JSON representation
Enumerate AD through LDAP with a collection of helpfull scripts being bundled
- Host: GitHub
- URL: https://github.com/CasperGN/ActiveDirectoryEnumeration
- Owner: CasperGN
- License: mit
- Created: 2020-03-05T18:41:59.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-10-28T03:18:06.000Z (about 2 months ago)
- Last Synced: 2024-10-28T06:56:55.395Z (about 2 months ago)
- Topics: active-directory, activedirectory, bloodhound-json-files, bruteforce-enumeration, crack, enumeration, pentesting
- Language: Python
- Homepage:
- Size: 423 KB
- Stars: 140
- Watchers: 6
- Forks: 40
- Open Issues: 40
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-hacking-lists - CasperGN/ActiveDirectoryEnumeration - Enumerate AD through LDAP with a collection of helpfull scripts being bundled (Python)
README
[](https://github.com/CasperGN/ActiveDirectoryEnumeration/stargazers) [](https://github.com/CasperGN/ActiveDirectoryEnumeration/network) [](https://github.com/CasperGN/ActiveDirectoryEnumeration/blob/master/LICENSE) [](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_shield) [](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/alerts/) [](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/context:python) [](https://img.shields.io/pypi/v/activedirectoryenum.svg) [](https://img.shields.io/pypi/dm/activedirectoryenum)
[](https://repology.org/project/activedirectoryenum/versions)
## ADE - ActiveDirectoryEnum
```
python -m ade
usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run]
[--exploit EXPLOIT]
___ __ _ ____ _ __ ______
/ | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___
/ /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \
/ ___ / /__/ /_/ /| |/ / __/ /_/ / / / / __/ /__/ /_/ /_/ / / / /_/ / /___/ / / / /_/ / / / / / /
/_/ |_\___/\__/_/ |___/\___/_____/_/_/ \___/\___/\__/\____/_/ \__, /_____/_/ /_/\__,_/_/ /_/ /_/
/____/
/*----------------------------------------------------------------------------------------------------------*/
optional arguments:
-h, --help show this help message and exit
--dc DC Hostname of the Domain Controller
-o OUT_FILE, --out-file OUT_FILE
Path to output file. If no path, CWD is assumed (default: None)
-u USER, --user USER Username of the domain user to query with. The username has to be domain name as `[email protected]`
-s, --secure Try to estalish connection through LDAPS
-smb, --smb Force enumeration of SMB shares on all computer objects fetched
-kp, --kerberos_preauth
Attempt to gather users that does not require Kerberos preauthentication
-bh, --bloodhound Output data in the format expected by BloodHound
-spn Attempt to get all SPNs and perform Kerberoasting
-sysvol Search sysvol for GPOs with cpassword and decrypt it
--all Run all checks
--no-creds Start without credentials
--dry-run Don't execute a test but run as if. Used for testing params etc.
--exploit EXPLOIT Show path to PoC exploit code
```
The new inclusion of embedded exploits can yield results such as:
```
...
[ WARN ] DC may be vulnerable to: [ cve-2020-1472 ]
...
```
To query an exploit for PoC code:
```
$ python -m ade --exploit cve-2020-1472
Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472
```
## Install
Run installation through pip3:
```
pip3 install ActiveDirectoryEnum
python -m ade
```
If you run BlackArch, ActiveDirectoryEnum is available through `pacman` as such:
```
pacman -S activedirectoryenum
```
## Included attacks/vectors
- [X] ASREPRoasting
- [X] Kerberoasting
- [X] Dump AD as BloodHound JSON files
- [X] Searching GPOs in SYSVOL for cpassword and decrypting
- [X] Run without creds and attempt to gather for further enumeration during the run
- [X] Sample exploits included:
- CVE-2020-1472
## Collaboration
While this project is developed to fit my needs, any collaboration is appreciated. Please feel free to fork the project, make changes according to the License agreements and make a Pull Request.
I only ask that:
- Keep equivalent naming standard as the base project
- Keep equivalent syntaxing
- Test your code
- Error handling is incorporated
- Document the feature - both in code but also for potential Wiki page
## Thanks & Acknowledgements
Big thanks to the creators of:
`Impacket` [@github](https://github.com/SecureAuthCorp/impacket)
`BloodHound` [@github](https://github.com/BloodHoundAD/BloodHound)
`BloodHound.py` [@github](https://github.com/fox-it/BloodHound.py)
`CVE-2020-1472` by Tom Tervoort of [Secura](https://github.com/SecuraBV/CVE-2020-1472)
Without the above this wrapper was not possible.
## License
[](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_large)