Simple python script for AD enumeration

Related tags

MiscellaneousAutoAD
Overview

AutoAD - Simple python script for AD enumeration

This tool was created on my spare time to help fellow penetration testers in automating the basic enumeration steps that they would do on their daily-basis job and can be useful in AD labs (CRTP/CRTE/CRTO/Offshore..etc)

(Spoiler: this tool is far from being perfect.)

Installation

git clone https://github.com/M-Arman/AutoAD.git
cd AutoAD
chmod +x install.sh
sudo ./install.sh

Usage

	    
	 █████╗ ██╗   ██╗████████╗ ██████╗      █████╗ ██████╗ 
	██╔══██╗██║   ██║╚══██╔══╝██╔═══██╗    ██╔══██╗██╔══██╗
	███████║██║   ██║   ██║   ██║   ██║    ███████║██║  ██║
	██╔══██║██║   ██║   ██║   ██║   ██║    ██╔══██║██║  ██║
	██║  ██║╚██████╔╝   ██║   ╚██████╔╝    ██║  ██║██████╔╝
	╚═╝  ╚═╝ ╚═════╝    ╚═╝    ╚═════╝     ╚═╝  ╚═╝╚═════╝ 
			                                      by M-Arman
                                                       
usage: AutoAD.py [-h] -user USERNAME -pass PASSWORD -dc-ip DC_IP -dns-mode DNS_MODE

AutoAD - Simple python script for AD enumeration

optional arguments:
  -h, --help          show this help message and exit
  -user USERNAME      Username for the account that will be used for
                      authentication. (format: [email protected])
  -pass PASSWORD      Password for the account that will be used for
                      authentication.
  -dc-ip DC_IP        The IP address for the domain controller that will be
                      queried for results.
  -dns-mode DNS_MODE  1= Use DC-IP as DNS server.(default)
                      2= Use system default DNS configurations.(proxychains/joined machine)

Features

  • List Domain Controllers, Domain SID, Domain Admins.
  • Check for printer spool on domain controllers to be abused with printer-bug.
  • List Group Policy Objects (GPO).
  • List Domain trusts.
  • List Kerberoastable users.
  • List Unconstrained delegation enabled computers.
  • List Constrained delegation enabled computers/users.
  • Find readable LAPS credentials.
  • Checks for local administrator access on all domain computers as the querying user.
  • Output domain users, users with description, computers, groups.
  • Output hashes from TGS and ASREP roasting for offline cracking. (Impacket)

Example

./AutoAD.py -user [email protected] -pass N0tActuallyaPassw0rd -dc-ip 192.168.110.145

Screenshot

example here

Future work

  • Use OOP.
  • Use hash authentication.
  • Replace impacket hashes dumping method.
  • Exchange Servers enumeration
  • MSSQL enumeration.

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
Owner
Mohammad Arman
Security Engineer
Mohammad Arman
GitHub Repository
💘 Write any Python with 9 Characters: e,x,c,h,r,(,+,1,)

💘 PyFuck exchr(+1) PyFuck is a strange playful code. It uses only nine different characters to write Python3 code. Inspired by aemkei/jsfuck Example

Satoki 10 Dec 25, 2022
Ml-design-patterns - Source code accompanying O'Reilly book: Machine Learning Design Patterns

This is not an official Google product ml-design-patterns Source code accompanying O'Reilly book: Title: Machine Learning Design Patterns Authors: Val

Google Cloud Platform 1.5k Jan 05, 2023
Uma versão em Python/Ursina do aplicativo Real Drum (android).

Real Drum Descrição Esta é uma versão alternativa feita em Python com a engine Ursina do aplicatio Real Drum (presente no Google Play Store). Como exe

hayukimori 5 Aug 20, 2022
Exam assignment for Laboratory of Bioinformatics 2

Exam assignment for Laboratory of Bioinformatics 2 (Alma Mater University of Bologna, Master in Bioinformatics)

2 Oct 22, 2022
[Cython] Vs [Python] Which one is Faster ?

[Cython] Vs [Python] ? Attractive Contrast :) Mission : Which one is Faster ? Comparing of Execution runtime for [Selection_sort] with Time Complexity

baqer marani 1 Dec 05, 2021
Pylexa - Artificial Assistant made with Python

Pylexa - Artificial Assistant made with Python Alexa is a famous artificial assistant used massively across the world. It is a substitute of Alexa whi

\_PROTIK_/ 4 Nov 03, 2021
An improved version of the common ˙pacman -S˙

BetterPacmanLook An improved version of the common pacman -S. Installation I know that this is probably one of the worst solutions and i will be worki

1 Nov 06, 2021
Simple calculator with random number button and dark gray theme created with PyQt6

Calculator Application Simple calculator with random number button and dark gray theme created with : PyQt6 Python 3.9.7 you can download the dark gra

Flamingo 2 Mar 07, 2022
An interactive tool with which to explore the possible imaging performance of candidate ngEHT architectures.

ngEHTexplorer An interactive tool with which to explore the possible imaging performance of candidate ngEHT architectures. Welcome! ngEHTexplorer is a

Avery Broderick 7 Jan 28, 2022
Курс про техническое совершенство для нетехнарей

Technical Excellence 101 Курс про техническое совершенство для нетехнарей. Этот курс представлят из себя серию воркшопов, при помощи которых можно объ

Anton Bevzuk 11 Nov 13, 2022
A web UI for managing your 351ELEC device ROMs.

351ELEC WebUI A web UI for managing your 351ELEC device ROMs. Requirements Python 3 or Python 2.7 are required. If the ftfy package is installed, it w

Ben Phelps 5 Sep 26, 2022
A conda-smithy repository for boost-histogram.

The official Boost.Histogram Python bindings. Provides fast, efficient histogramming with a variety of different storages combined with dozens of composable axes. Part of the Scikit-HEP family.

conda-forge 0 Dec 17, 2021
Set of tools to analyze Tinynuke samples

tinynuke-toolset You'll find in that repository a set of tools and scripts I developped to analyze Tinynuke samples. Dll extractor: script used to ext

Heat Miser 14 Aug 18, 2022
validation for pre-commit.ci configuration

pre-commit-ci-config validation for pre-commit.ci configuration installation pip install pre-commit-ci-config api pre_commit_ci_config.SCHEMA a cfgv s

pre-commit.ci 17 Jul 11, 2022
Request ID propagation for ASGI apps

ASGI Correlation ID middleware Middleware for loading and receiving correlation IDs from request HTTP headers, and making them available in applicatio

snok 170 Jan 02, 2023
Runnable Python demo of ArtLine

artline-demo How to run? pip3 install -r requirements.txt python3 app.py How to use? Run the Flask app Open localhost:5000 in browser Select an image(

Jiang Wenjian 134 Jul 29, 2022
Compile Binary Ninja's HLIL IR to LLVM, for purposes of compiling it back to a binary again.

Compiles BinaryNinja's HLIL to LLVM Approach Sweep binary for global variables, create them Sweep binary for (used?) external functions, declare those

Kyle Martin 31 Nov 10, 2022
Chat meetup

FLiP-Meetup-Chat Chat meetup create function bin/pulsar-admin functions create --auto-ack true --jar pulsardjlexample-1.0.jar --classname "dev.pulsarf

Timothy Spann 1 Dec 09, 2021
A Red Team tool for exfiltrating sensitive data from Jira tickets.

Jir-thief This Module will connect to Jira's API using an access token, export to a word .doc, and download the Jira issues that the target has access

Antonio Piazza 82 Dec 12, 2022
Animations made using manim-ce

ManimCE Animations Animations made using manim-ce The code turned out to be a bit complicated than expected.. It can be greatly simplified, will work

sparshg 17 Jan 06, 2023