  • Stars: 174
  • Rank: 219,104 (Top 5 %)
  • Language: Python
  • License: GNU Affero Genera...
  • Created almost 2 years ago
  • Updated over 1 year ago

Repository Details

LDAP enumeration tool implemented in Python3

msLDAPDump

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping Python's ldap3 library in an easy-to-use interface. Like most of my tools, this one works best on Windows. On Unix, the tool currently does not resolve hostnames that are not accessible via eth0.

Binding Anonymously

Users can bind to LDAP anonymously through the tool and dump basic information about LDAP, including domain naming context, domain controller hostnames, and more.

Credentialed Bind

Users can bind to LDAP using valid user account credentials or a valid NTLM hash. A credentialed bind obtains the same information as the anonymous bind and also checks for the following:
  • Subnet scan for systems with ports 389 and 636 open
  • Basic Domain Info (Current user permissions, domain SID, password policy, machine account quota)
  • Users
  • Groups
  • Kerberoastable Accounts
  • ASREPRoastable Accounts
  • Constrained Delegation
  • Unconstrained Delegation
  • Computer Accounts - will also attempt DNS lookups on the hostname to identify IP addresses
  • Identify Domain Controllers
  • Identify Servers
  • Identify Deprecated Operating Systems
  • Identify MSSQL Servers
  • Identify Exchange Servers
  • Group Policy Objects (GPO)
  • Passwords in User description fields

Each check writes its raw output to a text file and prints an abbreviated, cleaner version of the results to the terminal. The results shown in the terminal are pulled from the individual text files.
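Several of the credentialed checks listed above come down to a few directory attributes, which is also how a defender can find the same accounts and remediate them first. The following is an added example, not msLDAPDump's code: it audits constructed, already-exported entries, and the record layout, finding labels and function names are assumptions.

```python
import re

# userAccountControl bit flags (documented Active Directory values).
UAC_ACCOUNTDISABLE = 0x0002
UAC_SERVER_TRUST_ACCOUNT = 0x2000        # set on domain controllers
UAC_TRUSTED_FOR_DELEGATION = 0x80000     # unconstrained delegation
UAC_DONT_REQ_PREAUTH = 0x400000          # Kerberos pre-authentication not required

# Heuristic only: words suggesting a credential was left in a description.
PASSWORD_HINT = re.compile(r"\b(pass(word|wd)?|pwd)\b", re.IGNORECASE)

def audit_entry(entry):
    """Return sorted finding labels (hypothetical names) for one entry dict."""
    uac = int(entry.get("userAccountControl", 0))
    if uac & UAC_ACCOUNTDISABLE:
        return []  # disabled accounts are skipped in this example
    findings = set()
    is_computer = "computer" in entry.get("objectClass", [])
    is_krbtgt = entry["sAMAccountName"].lower() == "krbtgt"
    if entry.get("servicePrincipalName") and not (is_computer or is_krbtgt):
        findings.add("kerberoastable")
    if uac & UAC_DONT_REQ_PREAUTH:
        findings.add("asreproastable")
    # Domain controllers carry the delegation flag by design; exclude them.
    if (uac & UAC_TRUSTED_FOR_DELEGATION) and not (uac & UAC_SERVER_TRUST_ACCOUNT):
        findings.add("unconstrained-delegation")
    if entry.get("msDS-AllowedToDelegateTo"):
        findings.add("constrained-delegation")
    if PASSWORD_HINT.search(entry.get("description", "")):
        findings.add("password-in-description")
    return sorted(findings)

def audit(entries):
    # Map sAMAccountName to its findings, omitting entries with none.
    report = {e["sAMAccountName"]: audit_entry(e) for e in entries}
    return {name: found for name, found in report.items() if found}

# Constructed sample records (not from a real directory).
SAMPLE = [
    {"sAMAccountName": "svc_sql", "objectClass": ["user"], "userAccountControl": 512,
     "servicePrincipalName": ["MSSQLSvc/sql01.corp.example:1433"],
     "msDS-AllowedToDelegateTo": ["cifs/fs01.corp.example"]},
    {"sAMAccountName": "jdoe", "objectClass": ["user"], "userAccountControl": 4194816,
     "description": "Temp password: Constructed-Example-1"},
    {"sAMAccountName": "WEB01$", "objectClass": ["user", "computer"],
     "userAccountControl": 528384, "servicePrincipalName": ["HOST/web01.corp.example"]},
    {"sAMAccountName": "DC01$", "objectClass": ["user", "computer"],
     "userAccountControl": 532480, "servicePrincipalName": ["HOST/dc01.corp.example"]},
]

print(audit(SAMPLE))
```

The description match is a keyword heuristic, so each hit needs a manual look before it is treated as an exposed credential.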

  • Add support for LDAPS (LDAP Secure)
  • NTLM Authentication
  • Figure out why Unix only allows one adapter to make a call out to the LDAP server (removed resolution from Linux until resolved)
  • Add support for querying child domain information (currently does not respond nicely to querying child domain controllers)
  • Figure out how to link the name to the Description field dump at the end of the script
  • Implement command line options rather than inputs
  • Check for deprecated operating systems in the domain

Mandatory Disclaimer

Please keep in mind that this tool is meant for ethical hacking and penetration testing purposes only. I do not condone any behavior that would include testing targets that you do not currently have permission to test against.

More Repositories

1. Oh365UserFinder (Python, 459 stars): Python3 o365 User Enumeration Tool
2. PowerShellForPentesters (PowerShell, 400 stars): Course repository for PowerShell for Pentesters Course
3. threader3000 (Python, 281 stars): Multi-threaded Python Port Scanner with Nmap Integration
4. lnkbomb (Python, 248 stars): Malicious shortcut generator for collecting NTLM hashes from insecure file shares.
5. ADGenerator (PowerShell, 172 stars): Active Directory Generator files for Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers.
6. msdorkdump (Python, 162 stars): Google Dork File Finder
7. printspoofer (155 stars)
8. msImpersonate (Python, 105 stars): msImpersonate - User account impersonation written in pure Python3
9. geeMailUserFinder (Python, 96 stars): Python Gmail User Enumeration Tool
10. msdnsscan (Python, 70 stars): MayorSec DNS Enumeration Tool
11. GatekeeperLite (Python, 55 stars): Lite version of my Gatekeeper backdoor for public use.
12. Python3-C2-Course-Code-Modules (Python, 54 stars): Modules for my C2 course students to use for their own projects.
13. PowerShellRunner (PowerShell, 34 stars): PowerShell runner for executing malicious payloads in order to bypass Windows Defender.
14. Firefox-Dumper (Python, 23 stars): Tool to transfer credential files from Firefox to your local machine to decrypt offline.
15. PythonCreateYourOwnSeries (Python, 22 stars): Files for my Python3 Create Your Own Tool Series
16. MayorbotC2 (Python, 19 stars): My attempt at weaponizing Discord.
17. BlackLister (Python, 10 stars): Blacklist generator for password filters
18. msToolSet-Docker (Python, 10 stars): Dockerized version of my most used tools.
19. helper (PowerShell, 10 stars)
20. bufferoverflow (Python, 9 stars): Repository of Ruby related buffer overflow boilerplates
21. MayorSecPasswordGenerator (Python, 7 stars): Simple Python tool that generates a pseudo-random password with numbers, letters, and special characters in accordance with password policy best practices.
22. toolsdirectory (PowerShell, 7 stars)
23. CVE-2021-37832 (6 stars): CVE-2021-37832 - Hotel Druid 3.0.2 SQL Injection Vulnerability - 9.8 CVSS 3.1
24. CVE-2020-28351 (5 stars): CVE-2020-28351 - Reflected Cross-Site Scripting attack in ShoreTel version 19.46.1802.0.
25. CVE-2021-37833 (4 stars): CVE 2021-37833 Hotel Druid 3.0.2 Reflected Cross Site Scripting
26. reverse-shells (3 stars)
27. Wordlists (3 stars)
28. mayorscan (Shell, 3 stars): Mayor's Toolkit
29. MayorSecWorkoutTracker (Python, 3 stars): MayorSec Workout Tracker
30. Project_Plus (HTML, 2 stars)
31. PythonBOF (Python, 2 stars)
32. msesxicontroller (Python, 2 stars): Python ESXi CLI Controller
33. pingsweep (Shell, 2 stars): The first tool I wrote when I started Pentesting.
34. MayorSec-SecuroText3000 (Python, 2 stars): SecuroText3000 will take unencrypted text files and encrypt the content utilizing a highly modified Vigenere cipher key. The increased key deviates from the typical alphabetical system, which increases the difficulty in cracking when the full key is not known.
35. dievus (1 star): Config files for my GitHub profile.
36. skidnomore3000 (Shell, 1 star)