Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tomcarver16/ADSearch

A tool to help query AD via the LDAP protocol
https://github.com/tomcarver16/ADSearch

active-directory csharp query redteaming

Last synced: 3 months ago
JSON representation

A tool to help query AD via the LDAP protocol

Host: GitHub
URL: https://github.com/tomcarver16/ADSearch
Owner: tomcarver16
Created: 2020-06-17T22:21:41.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-07-07T14:39:50.000Z (over 1 year ago)
Last Synced: 2024-04-12T18:12:29.579Z (7 months ago)
Topics: active-directory, csharp, query, redteaming
Language: C#
Homepage:
Size: 226 KB
Stars: 395
Watchers: 8
Forks: 45
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - tomcarver16/ADSearch - A tool to help query AD via the LDAP protocol (C# #)

README

        # ADSearch

A tool written for cobalt-strike's `execute-assembly` command that allows for more efficent querying of AD.

## Key Features

* List all Domain Admins

* Custom LDAP Search

* Connect to LDAPS Servers

* Output JSON data from AD instances

* Retrieve custom attributes from a generic query (i.e. All computers)

## Usage

```

ADSearch 1.0.0.0

Copyright c  2020

USAGE:

Query Active Directory remotely or locally:

  ADSearch --domain ldap.example.com --password AdminPass1 --username admin --users

  -f, --full          If set will show all attributes for the returned item.

  -o, --output        File path to output the results to.

  --json              (Default: false) Output results in json format.

  --supress-banner    When set banner will be disabled.

  -G, --groups        Enumerate and return all groups from AD.

  -U, --users         Enumerate and return all users from AD.

  -C, --computers     Enumerate and return all computers joined to the AD.

  -S, --spns          Enumerate and return all SPNS from AD.

  --attributes        (Default: cn) Attributes to be returned from the results in csv format.

  -s, --search        Perform a custom search on the AD server.

  --domain-admins     Attempt to retreive all Domain Admin accounts.

  -u, --username      Attempts to authenticate to AD with the given username.

  -p, --password      Attempts to authenticate to AD with the given password.

  -h, --hostname      If set will attempt a remote bind to the hostname. This option requires the domain option to be set to a valid DC on the hostname. Will allow an IP address to be used as well.

  -p, --port          (Default: 636) If set will attempt a remote bind to the port based on the IP.

  -d, --domain        The domain controller we are connecting to in the FQDN format. If left blank then all other connection options are ignored and the lookups are done locally.

  --insecure          (Default: false) If set will communicate over port 389 and not use SSL

  --help              Display this help screen.

  --version           Display version information.

```

## Screenshots

### Display all SPNs

![Display all SPNs](https://github.com/tomcarver16/ADSearch/blob/master/Images/all-spns.png "All Spns")

### Display all users

![Display all Users](https://github.com/tomcarver16/ADSearch/blob/master/Images/all-users.png "All Users")

### Get custom attributes back from custom search

![Display results with custom attributes](https://github.com/tomcarver16/ADSearch/blob/master/Images/custom-attributes.png "Custom Attributes")