26 April 2021
PowerView is by far the de facto domain enumeration tool. We still use it on assessments and will likely continue to do so where appropriate. However, PowerView is no longer being developed, so we wanted to make sure we still had similar functionality while also removing the need for PowerShell. Hence, we built EDD (Enumerate Domain Data), drawing in part on existing code we found online, to create a similar tool in .NET.
To skip this and get started with EDD, check out the GitHub repo here: https://github.com/FortyNorthSecurity/EDD
To use EDD, you need to specify the "function" that you want to use for the domain data you want to gather. Some of these function names should look familiar to you, but let's cover how to use them.
You will always use the "-f" flag to specify the function that you want to run. A list of all functions is available in the ReadMe, along with a description of what each one does. For example, if you wanted to get the current forest's name, you would run the "getforest" function.
Another option that we added is to get a list of all kerberoastable users via LDAP without actually performing a kerberoast attack.
Finally, another option is searching for a user, or a domain group, across workstations within the current domain.
At this point in time, EDD is not fully finished, but it has a reasonable amount of functionality, and we thought others might find it useful. We will continue to add functionality to EDD, and we are also happy to accept any pull requests that add more.
We hope that this is useful, and if you have any questions at all, don't hesitate to reach out to us!