Metadata-Version: 2.4
Name: ActiveDirectoryEnum
Version: 0.5.0
Summary: Enumerate Active Directory with standard vectors
Home-page: https://github.com/CasperGN/ActiveDirectoryEnumeration
Author: Casper G. Nielsen
Author-email: whopsec@protonmail.com
Keywords: active-directory pentesting enumeration
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Environment :: Console
Requires-Python: >=3.4
Description-Content-Type: text/markdown
Requires-Dist: cffi==1.14.2
Requires-Dist: Click==7.1.2
Requires-Dist: cryptography==3.1
Requires-Dist: dnspython==1.16.0
Requires-Dist: Flask==1.1.2
Requires-Dist: future==0.18.2
Requires-Dist: impacket==0.9.21
Requires-Dist: itsdangerous==1.1.0
Requires-Dist: Jinja2==2.11.2
Requires-Dist: ldap3==2.8.1
Requires-Dist: ldapdomaindump==0.9.3
Requires-Dist: MarkupSafe==1.1.1
Requires-Dist: progressbar==2.5
Requires-Dist: pyasn1==0.4.8
Requires-Dist: pycparser==2.20
Requires-Dist: pycryptodomex==3.9.8
Requires-Dist: pyOpenSSL==19.1.0
Requires-Dist: six==1.15.0
Requires-Dist: termcolor==1.1.0
Requires-Dist: Werkzeug==1.0.1
Requires-Dist: bloodhound==1.0.5
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

[![GitHub stars](https://img.shields.io/github/stars/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/stargazers) [![GitHub forks](https://img.shields.io/github/forks/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/network) [![GitHub license](https://img.shields.io/github/license/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/blob/master/LICENSE) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_shield) [![Total alerts](https://img.shields.io/lgtm/alerts/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/context:python)
  
[![Packaging status](https://repology.org/badge/vertical-allrepos/activedirectoryenum.svg)](https://repology.org/project/activedirectoryenum/versions)  

## ADE - ActiveDirectoryEnum
```
 python -m ade
usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run]
           [--exploit EXPLOIT]

        ___        __  _            ____  _                __                   ______                    
       /   | _____/ /_(_)   _____  / __ \(_)_______  _____/ /_____  _______  __/ ____/___  __  ______ ___ 
      / /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \
     / ___ / /__/ /_/ /| |/ /  __/ /_/ / / /  /  __/ /__/ /_/ /_/ / /  / /_/ / /___/ / / / /_/ / / / / / /
    /_/  |_\___/\__/_/ |___/\___/_____/_/_/   \___/\___/\__/\____/_/   \__, /_____/_/ /_/\__,_/_/ /_/ /_/ 
                                                                      /____/                             

/*----------------------------------------------------------------------------------------------------------*/

optional arguments:
  -h, --help            show this help message and exit
  --dc DC               Hostname of the Domain Controller
  -o OUT_FILE, --out-file OUT_FILE
                        Path to output file. If no path, CWD is assumed (default: None)
  -u USER, --user USER  Username of the domain user to query with. The username has to be domain name as `user@domain.org`
  -s, --secure          Try to estalish connection through LDAPS
  -smb, --smb           Force enumeration of SMB shares on all computer objects fetched
  -kp, --kerberos_preauth
                        Attempt to gather users that does not require Kerberos preauthentication
  -bh, --bloodhound     Output data in the format expected by BloodHound
  -spn                  Attempt to get all SPNs and perform Kerberoasting
  -sysvol               Search sysvol for GPOs with cpassword and decrypt it
  --all                 Run all checks
  --no-creds            Start without credentials
  --dry-run             Don't execute a test but run as if. Used for testing params etc.
  --exploit EXPLOIT     Show path to PoC exploit code

```

The new inclusion of imbedded exploits can yield results such as:
```
...
[ WARN ] DC may be vulnerable to: [ cve-2020-1472 ]
...
```

To query an exploit do for PoC code:
```
$ python -m ade --exploit cve-2020-1472
Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472
```

## Install

Run installation through pip3:
```
pip3 install ActiveDirectoryEnum
python -m ade
```
  
If you run BlackArch, ActiveDirectoryEnum is available through `pacman` as such:  
```
pacman -S activedirectoryenum
```  

## Included attacks/vectors

- [X] ASREPRoasting
- [X] Kerberoasting
- [X] Dump AD as BloodHound JSON files 
- [X] Searching GPOs in SYSVOL for cpassword and decrypting  
- [X] Run without creds and attempt to gather for further enumeration during the run
- [X] Sample exploits included:
 - CVE-2020-1472

## Collaboration

While this project is developed to fit my need, any collaboration is appriciated. Please feel free to fork the project, make changes according to the License agreements and make a Pull Request.
I only ask that:
- Keep equivilent naming standard as the base project
- Keep equivilent syntaxing
- Test your code
- Error handling is incorporated
- Document the feature - both in code but also for potential Wiki page

## Thanks & Acknowledgements

Big thanks to the creators of:
`Impacket` [@github](https://github.com/SecureAuthCorp/impacket)
`BloodHound` [@github](https://github.com/BloodHoundAD/BloodHound)
`BloodHound.py` [@github](https://github.com/fox-it/BloodHound.py)
`CVE-2020-1472` by Tom Tervoort of [Secura](https://github.com/SecuraBV/CVE-2020-1472)

Without the above this wrapper was not possible.


## License
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_large)
