A Kali Linux based Bash script designed for automating the process of scanning, enumerating and exploiting Active Directory networks.
Key features of this script:
- Timestamped output folder
- Built-in Menu page for easy navigation between the various functions.
- Built-in Help Manual in order to explain the various features of this tool to new users.
- Built-in Variables page in order to support some of the script's more advanced features.
The script is divided into 3 sections (Scanning, Enumeration, Exploitation) that perform the following:
- Scanning:
  - Basic - Performs a regular nmap scan on the user-provided network range with the -Pn flag in order to skip the host discovery phase.
  - Intermediate - Performs a full nmap TCP port range scan on the network.
  - Advanced - Performs a full nmap TCP port scan on the network, while also performing a full masscan UDP port range scan, for a complete picture.
- Enumeration:
  - Basic - Runs an nmap service scan (-sV) on the network, while also detecting the Domain Controller and DHCP server IPs.
  - Intermediate - Enumerates IPs for key services (FTP, SSH, SMB, WinRM, LDAP, RDP) and runs 3 .nse scripts (smb-enum-domains.nse, smb-enum-groups.nse, smb-enum-users.nse), while also enumerating the Domain Controller's shared folders.
  - Advanced - Extracts all users, groups, shares, as well as the password policy. This mode also finds disabled and never-expired accounts. Lastly, it displays the accounts that are members of the Administrators group.
- Exploitation:
  - Basic - Scans the network with nmap's vulnerability scanning script.
  - Intermediate - Executes a Password Spray attack on the Domain Controller based on a user-given password list.
  - Advanced - Extracts and attempts to crack the Domain Controller's password hashes with a user-given password list (keep in mind: this exploitation method will delete your john.pot file for password display and documentation. Make sure you back it up before use in order to avoid losing previously cracked passwords).
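Because the Advanced exploitation mode deletes john.pot, the following added example (not part of the script itself) takes a verified, timestamped backup of the pot file first. It assumes the pot file is at ~/.john/john.pot; the function name `backup_john_pot` and the backup directory are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preserve an existing John the Ripper pot file before a run
# that deletes it. Assumption: the pot file is at ~/.john/john.pot unless a
# different path is passed as the first argument.
# Usage: backup_john_pot [pot_file] [backup_dir]

backup_john_pot() {
    local pot="${1:-$HOME/.john/john.pot}"
    local dest_dir="${2:-$HOME/john-pot-backups}"
    local stamp backup n=0

    # Nothing to preserve: report it with a distinct status (2), not a failure.
    if [ ! -s "$pot" ]; then
        echo "no pot file (or empty file) at $pot, nothing to back up" >&2
        return 2
    fi

    # The pot file holds cracked hash:password pairs, so keep backups private.
    mkdir -p -- "$dest_dir" || return 1
    chmod 700 -- "$dest_dir" || return 1

    stamp="$(date +%Y%m%d-%H%M%S)"
    backup="$dest_dir/john.pot.$stamp"
    # Never overwrite an earlier backup taken within the same second.
    while [ -e "$backup" ]; do
        n=$((n + 1))
        backup="$dest_dir/john.pot.$stamp.$n"
    done

    cp -p -- "$pot" "$backup" || return 1
    chmod 600 -- "$backup" || return 1

    # Verify the copy byte-for-byte; discard it if it does not match.
    if ! cmp -s -- "$pot" "$backup"; then
        rm -f -- "$backup"
        echo "backup verification failed for $pot" >&2
        return 1
    fi

    # Print the backup path so the caller can log it or restore from it later.
    printf '%s\n' "$backup"
}
```

To restore after the run, copy the printed backup path back over the pot file location.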
All of the generated output is converted into IP-marked PDF files for convenience.
Notes: The PDF conversion process requires enscript to be installed. When the script is launched, it checks whether enscript is installed on your Kali system, and if it is missing, the script installs it for you.
Screenshots (images not included): Main Menu, Help Manual, Scanning, Enumeration, Exploitation, Variable Input, Output.