Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/p0dalirius/ghostspn

List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.
https://github.com/p0dalirius/ghostspn

ghostspn kerberos serviceprincipalname spn

Last synced: about 2 months ago
JSON representation

List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.

Host: GitHub
URL: https://github.com/p0dalirius/ghostspn
Owner: p0dalirius
Created: 2023-03-13T09:37:00.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2023-12-17T17:01:52.000Z (about 1 year ago)
Last Synced: 2024-05-01T17:26:40.112Z (8 months ago)
Topics: ghostspn, kerberos, serviceprincipalname, spn
Language: Python
Homepage: https://podalirius.net/
Size: 335 KB
Stars: 11
Watchers: 2
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

        ![](./.github/banner.png)



    List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.

    


    

    

    

    




## Features

 - [x] Lists all accounts (users, computers) with 

 - [x] Checks for DNS wildcard presence before resolving names.

## Usage of scan mode

```

GhostSPN v1.1 - by @podalirius_

usage: GhostSPN.py scan [-h] [-u USERNAME] [-p PASSWORD] [-d DOMAIN] [--hashes [LMHASH]:NTHASH] [--no-pass] --dc-ip ip address [--ldaps] [-v] [--debug]

options:

  -h, --help            show this help message and exit

Credentials:

  -u USERNAME, --username USERNAME

                        Username to authenticate to the machine.

  -p PASSWORD, --password PASSWORD

                        Password to authenticate to the machine. (if omitted, it will be asked unless -no-pass is specified)

  -d DOMAIN, --domain DOMAIN

                        Windows domain name to authenticate to the machine.

  --hashes [LMHASH]:NTHASH

                        NT/LM hashes (LM hash can be empty)

  --no-pass             Don't ask for password (useful for -k)

  --dc-ip ip address    IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter

  --ldaps               Use LDAPS. (default: False)

  -v, --verbose         Verbose mode. (default: False)

  --debug               Debug mode. (default: False)

```

## Example

Example:

![](./.github/example.png)

## Special case: DNS wildcards

In case DNS wildcards are present in the domain, GhostSPN autodetect if the entry was resolved from a wildcard entry.

![](./.github/dns_wildcard.png)