Leo4j/Invoke-ADEnum Leo4j/Invoke-ADEnum

  • Stars
    star
    343
  • Rank 123,371 (Top 3 %)
  • Language
    PowerShell
  • License
    GNU General Publi...
  • Created over 1 year ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Leo4j/Invoke-ADEnum
github

Leo4j

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automate Active Directory Enumeration

Invoke-ADEnum

Active Directory Enumeration

Invoke-ADEnum is an Active Directory enumeration tool designed to automate the process of gathering information from an Active Directory environment, leveraging the capabilities of PowerView.

With Invoke-ADEnum, you can quickly and efficiently enumerate various aspects of Active Directory, including forests, domains, trusts, domain controllers, users, groups, computers, shares, subnets, ACLs, OUs, GPOs, and more.

One of the features of Invoke-ADEnum is its ability to generate an Active Directory Audit Report in HTML format. Whether performing security assessments, compliance audits, or general Active Directory enumeration tasks, the report will provide a detailed overview of the Active Directory infrastructure, in an easy-to-navigate layout.

Invoke-ADEnum will generate a client-oriented report as well, which will include only relevant findings and list remediations/recommendations.

NOTE: By clicking on the tables' titles, you can generate and download a CSV version of the results. Additionally, you have the option to export the entire HTML report in XLSX format by clicking on "Active Directory Audit" at the top of the page. The XLSX export will include a separate sheet for each table of findings.

image

An offline version of the tool is also available, which won't load PowerView from the internet (useful against web filtering or lab scenarios).

Invoke-ADEnum is a tool for any IT professional working with Active Directory.

If you find Invoke-ADEnum valuable and use it in your work, please consider giving us a star on GitHub. Your support motivates the developer to continue improving and maintaining this project

Usage

Load the script in memory:

iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Leo4j/Invoke-ADEnum/main/Invoke-ADEnum.ps1')

For usage, please refer to the Help page:

Invoke-ADEnum -Help

Check your targets first, and make sure you stay in scope

Invoke-ADEnum -TargetsOnly

Recommended Coverage

Invoke-ADEnum -SecurityGroups -GPOsRights -LAPSReadRights -RBCD -AllGroups -SprayEmptyPasswords -UserCreatedObjects

+++> NOTE: If you use -CustomURL or -Local parameters you'll have to bypass AMSI manually <+++

2023-06-03_15-25 2023-06-03_15-26_1 2023-06-03_15-27 2023-06-03_15-28

Disclaimer

Invoke-ADEnum is intended exclusively for research, education, and authorized testing. Its purpose is to assist professionals and researchers in identifying vulnerabilities and enhancing system security.

Users must secure explicit, mutual consent from all parties involved before utilizing this tool on any system, network, or digital environment, as unauthorized activities can lead to serious legal consequences. Users are responsible for adhering to all applicable laws and regulations related to cybersecurity and digital access.

The creator of Invoke-ADEnum disclaims liability for any misuse or illicit use of the tool and is not responsible for any resulting damages or losses.

More Repositories

1

Amnesiac

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
PowerShell
339
star
2

Invoke-SessionHunter

Retrieve and display information about active user sessions on remote computers. No admin privileges required.
PowerShell
162
star
3

Invoke-SMBRemoting

Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
PowerShell
63
star
4

SessionExec

Execute commands in other Sessions
PowerShell
43
star
5

ShellGen

PowerShell script to generate ShellCode in various formats
PowerShell
37
star
6

Invoke-ShareHunter

Enumerate the Domain for Readable and Writable Shares
PowerShell
15
star
7

Invoke-RunAsSystem

A simple script to elevate current session to SYSTEM (needs to be run as Administrator)
PowerShell
11
star
8

Practical_Ethical_Hacking_Mindmap

PenTest guide reference including tools and some commands
10
star
9

Tools

PowerShell
9
star
10

Find-LocalAdminAccess

Check the Domain for Local Admin Access
PowerShell
9
star
11

KeyCredentialLink

Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute
PowerShell
8
star
12

Invoke-WMIRemoting

Command Execution or Pseudo-Shell over WMI
PowerShell
8
star
13

JRecon

A tool to automate Active Directory Enumeration
PowerShell
7
star
14

CheckSMBSigning

Checks for SMB signing disabled on all hosts in the network
PowerShell
6
star
15

PassSpray

Domain Password Spray
PowerShell
6
star
16

Token-Impersonation

Make or Steal a Token
PowerShell
6
star
17

JMove

Lateral Movement within Windows environments
PowerShell
4
star
18

Invoke-GrabTheHash

Get the NTLM Hash for the User or Machine Account TGT held in your current session
PowerShell
4
star
19

Invoke-s4u2self

A tool that abuses s4u2self to gain access to remote hosts
PowerShell
4
star
20

Invoke-ShadowHunter

Automate accounts takeover by abusing GenericWrite/GenericAll rights to add Shadow Credentials
PowerShell
4
star
21

ADQuery

Query Active Directory Objects, GPOs, OUs, Groups
PowerShell
4
star
22

JBreach

PowerShell
3
star
23

CredsManager

A tool designed for efficient organisation and secure storage of credentials gathered during penetration tests
HTML
3
star
24

Collect-ADObjects

Collect Active Directory Objects
PowerShell
2
star
25

CheckWebDAVStatus

Checks for WebDAV Service Status Enabled on all hosts in the network
PowerShell
2
star
26

Validate-Credentials

Validate Domain Credentials
PowerShell
2
star
27

TGT_Monitor

Monitor for TGTs
PowerShell
2
star
28

Enum-CertTemplates

Enumerate for and list Certificate Templates
PowerShell
2
star
29

PS2EXE

Convert Powershell scripts to EXEs
PowerShell
2
star
30

Set-DomainObject

Modify or clear a property for a specified active directory object
PowerShell
1
star
31

Get-DNSRecords

Queries DNS records from the Active Directory domain, specifically from the DNS zones stored in the Active Directory.
PowerShell
1
star
32

File-Server

A simple TCP file server
PowerShell
1
star
33

VBAFormat

Format long strings to VBA code
PowerShell
1
star