ADEnum.py is a penetration testing tool that discovers misconfigurations over the LDAP protocol and exploits some of the weaknesses in Kerberos.
usage: ADenum.py -d [domain] -u [username] -p [password]
Pentest tool that detect misconfig in AD with LDAP
options:
-h, --help show this help message and exit
-d [domain] The name of domain (e.g. "test.local")
-u [username] The user name
-p [password] The user password
-ip [ipAddress] The IP address of the server (e.g. "1.1.1.1")
-j Enable hash cracking (john)
-jp [path] John binary path
-w [wordList] The path of the wordlist to be used john (Default: /usr/share/seclists/Passwords/Leaked-
Databases/rockyou.txt
-v, --version Show program's version number and exit
-s Use LDAP with SSL
-c, --NPUsersCheck Check with GetNPUsers.py for ASREP Roastable
Impacket (https://github.com/SecureAuthCorp/impacket)
John (https://github.com/openwall/john)
Python 3
If you are using Debian or Ubuntu:
$ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
Kali:
$ sudo apt-get install libsasl2-dev python2-dev libldap2-dev libssl-dev
pip3:
$ pip3 install -r requirements.txt
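Enumerate domain admin users
Enumerate domain controllers
Enumerate domain users whose password does not expire
Enumerate domain users with old passwords
Enumerate domain users with interesting descriptions
Enumerate domain users not using the default encryption
Enumerate domain users with privileged domain account protection
Enumerate domain users without default object attributes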
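For administrators who want to find the same account conditions before a tester does, the following added example (not code from ADenum or its authors) audits user entries already exported from LDAP. It assumes the checks above map to the standard `userAccountControl` bits, `pwdLastSet` and `adminCount` attributes; the function names and the sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits as documented by Microsoft.
ACCOUNTDISABLE = 0x0002
UAC_FINDINGS = {
    0x00010000: "DONT_EXPIRE_PASSWORD: password never expires",
    0x00200000: "USE_DES_KEY_ONLY: DES-only Kerberos keys",
    0x00400000: "DONT_REQ_PREAUTH: AS-REP roastable",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ticks):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(moment):
    """Inverse conversion, used here only to build the sample data."""
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def audit_account(entry, now, max_password_age_days=365):
    """Return the findings for one user entry (dict of LDAP attributes)."""
    uac = int(entry.get("userAccountControl", 0))
    if uac & ACCOUNTDISABLE:
        return []  # disabled accounts cannot authenticate; skip them
    findings = [text for bit, text in UAC_FINDINGS.items() if uac & bit]
    pwd_last_set = int(entry.get("pwdLastSet", 0))
    if pwd_last_set:  # 0 means "must change at next logon", not an old password
        age_days = (now - filetime_to_datetime(pwd_last_set)).days
        if age_days > max_password_age_days:
            findings.append(f"OLD_PASSWORD: last set {age_days} days ago")
    if int(entry.get("adminCount", 0)) == 1:
        findings.append("ADMIN_COUNT: protected privileged account")
    return findings

# Constructed sample entries (not real accounts); 0x200 is NORMAL_ACCOUNT.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x200 | 0x10000 | 0x400000,
     "pwdLastSet": datetime_to_filetime(NOW - timedelta(days=900)), "adminCount": 1},
    {"sAMAccountName": "alice", "userAccountControl": 0x200,
     "pwdLastSet": datetime_to_filetime(NOW - timedelta(days=30))},
    {"sAMAccountName": "old_disabled", "userAccountControl": 0x200 | 0x2 | 0x400000,
     "pwdLastSet": datetime_to_filetime(NOW - timedelta(days=2000))},
]

def audit_all(entries, now=NOW):
    """Map account name -> findings, keeping only accounts that have any."""
    report = {e["sAMAccountName"]: audit_account(e, now) for e in entries}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        print(name, found)
```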
Project URL: https://github.com/SecuProject/ADenum