Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tomcarver16/ADSearch
A tool to help query AD via the LDAP protocol
https://github.com/tomcarver16/ADSearch
active-directory csharp query redteaming
Last synced: 21 days ago
JSON representation
A tool to help query AD via the LDAP protocol
- Host: GitHub
- URL: https://github.com/tomcarver16/ADSearch
- Owner: tomcarver16
- Created: 2020-06-17T22:21:41.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-07-07T14:39:50.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:24:19.996Z (4 months ago)
- Topics: active-directory, csharp, query, redteaming
- Language: C#
- Homepage:
- Size: 226 KB
- Stars: 435
- Watchers: 8
- Forks: 48
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - tomcarver16/ADSearch - A tool to help query AD via the LDAP protocol (C# #)
README
# ADSearch
A tool written for cobalt-strike's `execute-assembly` command that allows for more efficent querying of AD.## Key Features
* List all Domain Admins
* Custom LDAP Search
* Connect to LDAPS Servers
* Output JSON data from AD instances
* Retrieve custom attributes from a generic query (i.e. All computers)## Usage
```
ADSearch 1.0.0.0
Copyright c 2020
USAGE:
Query Active Directory remotely or locally:
ADSearch --domain ldap.example.com --password AdminPass1 --username admin --users-f, --full If set will show all attributes for the returned item.
-o, --output File path to output the results to.
--json (Default: false) Output results in json format.
--supress-banner When set banner will be disabled.
-G, --groups Enumerate and return all groups from AD.
-U, --users Enumerate and return all users from AD.
-C, --computers Enumerate and return all computers joined to the AD.
-S, --spns Enumerate and return all SPNS from AD.
--attributes (Default: cn) Attributes to be returned from the results in csv format.
-s, --search Perform a custom search on the AD server.
--domain-admins Attempt to retreive all Domain Admin accounts.
-u, --username Attempts to authenticate to AD with the given username.
-p, --password Attempts to authenticate to AD with the given password.
-h, --hostname If set will attempt a remote bind to the hostname. This option requires the domain option to be set to a valid DC on the hostname. Will allow an IP address to be used as well.
-p, --port (Default: 636) If set will attempt a remote bind to the port based on the IP.
-d, --domain The domain controller we are connecting to in the FQDN format. If left blank then all other connection options are ignored and the lookups are done locally.
--insecure (Default: false) If set will communicate over port 389 and not use SSL
--help Display this help screen.
--version Display version information.
```## Screenshots
### Display all SPNs
![Display all SPNs](https://github.com/tomcarver16/ADSearch/blob/master/Images/all-spns.png "All Spns")
### Display all users
![Display all Users](https://github.com/tomcarver16/ADSearch/blob/master/Images/all-users.png "All Users")
### Get custom attributes back from custom search
![Display results with custom attributes](https://github.com/tomcarver16/ADSearch/blob/master/Images/custom-attributes.png "Custom Attributes")