AutoAD - Simple python script for AD enumeration
This tool was created on my spare time to help fellow penetration testers in automating the basic enumeration steps that they would do on their daily-basis job and can be useful in AD labs (CRTP/CRTE/CRTO/Offshore..etc)
(Spoiler: this tool is far from being perfect.)
Installation
git clone https://github.com/M-Arman/AutoAD.git
cd AutoAD
chmod +x install.sh
sudo ./install.sh
Usage
█████╗ ██╗ ██╗████████╗ ██████╗ █████╗ ██████╗
██╔══██╗██║ ██║╚══██╔══╝██╔═══██╗ ██╔══██╗██╔══██╗
███████║██║ ██║ ██║ ██║ ██║ ███████║██║ ██║
██╔══██║██║ ██║ ██║ ██║ ██║ ██╔══██║██║ ██║
██║ ██║╚██████╔╝ ██║ ╚██████╔╝ ██║ ██║██████╔╝
╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═════╝
by M-Arman
usage: AutoAD.py [-h] -user USERNAME -pass PASSWORD -dc-ip DC_IP -dns-mode DNS_MODE
AutoAD - Simple python script for AD enumeration
optional arguments:
-h, --help show this help message and exit
-user USERNAME Username for the account that will be used for
authentication. (format: [email protected])
-pass PASSWORD Password for the account that will be used for
authentication.
-dc-ip DC_IP The IP address for the domain controller that will be
queried for results.
-dns-mode DNS_MODE 1= Use DC-IP as DNS server.(default)
2= Use system default DNS configurations.(proxychains/joined machine)
Features
- List Domain Controllers, Domain SID, Domain Admins.
- Check for printer spool on domain controllers to be abused with printer-bug.
- List Group Policy Objects (GPO).
- List Domain trusts.
- List Kerberoastable users.
- List Unconstrained delegation enabled computers.
- List Constrained delegation enabled computers/users.
- Find readable LAPS credentials.
- Checks for local administrator access on all domain computers as the querying user.
- Output domain users, users with description, computers, groups.
- Output hashes from TGS and ASREP roasting for offline cracking. (Impacket)
Example
./AutoAD.py -user [email protected] -pass N0tActuallyaPassw0rd -dc-ip 192.168.110.145
Screenshot
Future work
- Use OOP.
- Use hash authentication.
- Replace impacket hashes dumping method.
- Exchange Servers enumeration
- MSSQL enumeration.
License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
2 Jan 10, 2022
3 Dec 09, 2021
1 Jan 11, 2022
26 Dec 05, 2022
5 Dec 20, 2022
391 Jan 01, 2023
5 Dec 06, 2022
49 Dec 02, 2022
10 Jan 16, 2022
2 Jan 31, 2022
11 Feb 11, 2022
1 Dec 12, 2021
1 Nov 07, 2021
49 Dec 08, 2022
1 Nov 03, 2021
2 Nov 18, 2022
14 Dec 29, 2022
3 Dec 09, 2022
30 Oct 05, 2022
1 Jan 10, 2022