
adreaper's Introduction

ADReaper

ADReaper is a tool written in Golang that enumerates an Active Directory environment with LDAP queries within a few seconds.

Installation

You can download precompiled executable binaries for Windows/Linux from the latest releases.

Install from source

To build from source, clone the repo and build it with Go:

$ git clone https://github.com/AidenPearce369/ADReaper
$ cd ADReaper/
$ go build

Usage

ADReaper performs enumeration through a set of commands, each of which runs the corresponding LDAP queries.

PS C:\Users\redteamer\Desktop\shared> .\ADReaper.exe

      -command string

            Command to run
                  dc              - to list domain controllers
                  domain-trust    - to list domain trust
                  users           - to list all users
                  computers       - to list all computers
                  groups          - to list all groups with members
                  spn             - to list service principal objects
                  never-loggedon  - to list users never logged on
                  gpo             - to list group policy objects
                  ou              - to list organizational units
                  ms-sql          - to list MS-SQL servers
                  asreproast      - to list AS-REP roastable accounts
                  unconstrained   - to list Unconstrained Delegated accounts
                  admin-priv      - to list AD objects with admin privilege

      -dc string

            Enter the DC

      -filter string

            Filters to use for users/groups/computers

            list - lists all objects only
            full-data - list all objects with properties
            membership - lists all members from an object

            (default "list")
      -name string

            Pass object name of user/group/computer

      -password string

            Enter the Password

      -user string

            Enter the Username

To query the properties of Domain Controller of the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command dc

To query the Trust Attributes of the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command domain-trust

To list all Users from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command users

To list all Users with attributes from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command users -filter full-data

To list attributes of Specific Users from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command users -name <user>

To list the membership of the Specific User,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command users -name <user> -filter membership

To list all available Computers from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command computers

To list all Computers with attributes from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command computers -filter full-data

To list attributes of Specific Computer from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command computers -name <computer name>

To list all available Groups from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command groups

To list all Groups with attributes from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command groups -filter full-data

To list attributes of Specific Group from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command groups -name <group name>

To list members of Specific Group from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command groups -name <group name> -filter membership

To list users Never Logged On from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command never-loggedon

To list GPOs from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command gpo

To list OUs from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command ou

To list AD objects with higher privileges,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command admin-priv

To list MS-SQL Servers from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command ms-sql

To list all attributes of MS-SQL Servers from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command ms-sql -filter full-data

To list all attributes of specific MS-SQL Server from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command ms-sql -name <computer name> 

To list SPNs available in the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command spn

To list all attributes of Specific SPN from the domain,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command spn -name <sam of spn>

To list AD objects with Unconstrained Delegation enabled,

.\ADReaper.exe -dc <dc.domain> -user <username> -password <password> -command unconstrained 

To-Do

Looking forward to contributors helping build the next version.

Planned features,

  • Custom LDAP querying
  • Filtering LDAP attributes with existing commands
  • LAPS enumeration
  • Kerberoasting SPNs
  • AS-REP Roasting SPNs
  • Local admin access hunting
  • ACL enumeration
  • Exporting JSON data for BloodHound

If interested, ping me :)

adreaper's People

Contributors

adamkadaban, aidenpearce369, gbiagomba


adreaper's Issues

ldap connection issue

The for loop starts after the first part of the domain, so if the domain is RedTeam.local, the LDAP connection will be sent to local:389 only.

	s := strings.Split(*ldapServer, ".")
	baseDN := ""
	for x := 1; x < len(s); x++ {
		if x == len(s)-1 {
			baseDN += "DC=" + s[x]
		} else {
			baseDN += "DC=" + s[x] + ","
		}
	}
	*ldapServer += ":389"

and it will cause this error:
LDAP Result Code 10 "Referral": 0000202B: RefErr: DSID-0310084A, data 0, 1 access points ref 1: 'local'
So the fix is to set x in the for loop to start from 0.
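
The two ways the -dc value can be read (a DC host name such as the `<dc.domain>` in the usage lines, or a bare domain such as RedTeam.local) give different base DNs, which is what this report turns on. The following is an added example, not ADReaper's code: `baseDNFromName` and `ldapAddr` are hypothetical helpers, `dc01.redteam.local` is a constructed host name, and requiring at least two domain labels is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// baseDNFromName converts a dotted DNS name into an LDAP base DN.
// skipHost=true treats the first label as the DC's host name
// (dc01.redteam.local); skipHost=false treats the whole value as the
// domain name (RedTeam.local). Hypothetical helper, not project code.
func baseDNFromName(name string, skipHost bool) (string, error) {
	labels := strings.Split(strings.TrimSuffix(name, "."), ".")
	if skipHost {
		labels = labels[1:]
	}
	// Assumption: a usable AD domain has at least two labels. This rejects
	// the "DC=local" result that leads to the referral error in the report.
	if len(labels) < 2 {
		return "", fmt.Errorf("%q leaves %d domain label(s); need at least 2", name, len(labels))
	}
	parts := make([]string, 0, len(labels))
	for _, l := range labels {
		if l == "" {
			return "", fmt.Errorf("%q contains an empty label", name)
		}
		parts = append(parts, "DC="+l)
	}
	return strings.Join(parts, ","), nil
}

// ldapAddr appends the default LDAP port to the full, unmodified name.
func ldapAddr(name string) string {
	return net.JoinHostPort(name, "389")
}

func main() {
	// Constructed inputs: a DC host FQDN and the bare domain from the report.
	for _, tc := range []struct {
		name     string
		skipHost bool
	}{{"dc01.redteam.local", true}, {"RedTeam.local", false}, {"RedTeam.local", true}} {
		dn, err := baseDNFromName(tc.name, tc.skipHost)
		fmt.Printf("%-20s skipHost=%-5v addr=%s baseDN=%q err=%v\n",
			tc.name, tc.skipHost, ldapAddr(tc.name), dn, err)
	}
}
```

The third case fails with an error instead of silently searching under `DC=local`.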

License statement

Currently there is no license statement. Could you please also add a LICENSE file that contains the license text? This is a requirement for a lot of distributions.

Thanks.

Filter String Typo

In the help string, it lists the filters that are allowed:

  -filter string
        
        Filters to use for users/groups/computers
        
        list - lists all objects only
        fulldata - list all objects with properties
        membership - lists all members from an object

The problem is "fulldata" is incorrect, it's "full-data" and I was only able to find it by looking at the examples.

What an awesome tool this is btw, I'm going to be using it as inspiration along with XLSX library to generate some lovely reports.
