NebulousAD - Automated Credential Auditing Tool


NebulousAD Automated Credential Auditing Tool.

Installation
Simply download the precompiled release (requires no Python interpreter), or set up from source:

Requires Python 2.7 (for now).
Run git clone git@github.com:NuID/nebulousAD.git
Next, install with python setup.py install
Then initialize your key. You can get your key by visiting https://nebulous.nuid.io/#/register. Once registered, click the button to generate your API key and copy it.
Now you can install it like so: nebulousAD -init-key followed by your API key (see the INIT_KEY argument in the usage text below).
You can now run the tool. If it can't find your API key, you may need to restart your terminal session: the API key is stored in an environment variable, which a shell opened before -init-key ran will not see. Logging out and back in also works.

Usage
Example to dump all hashes and check them against NuID's API:

    nebulousAD.exe -v -snap -check

Help output:

    NuID Credential Auditing tool.

    optional arguments:
      -h, --help            show this help message and exit
      -ntds NTDS            NTDS.DIT file to parse
      -system SYSTEM        SYSTEM registry hive to parse
      -csv CSV              Output results to CSV file at this PATH.
      -json JSON            Output results to JSON file at this PATH
      -init-key INIT_KEY    Install your Nu_I.D. API key to the current users PATH.
      -c, -check            Check against Nu_I.D. API for compromised credentials.
      -snap                 Use ntdsutil.exe to snapshot the system registry hive
                            and ntds.dit file to :\NuID\
      -shred                When performing delete operations on files, use a 7
                            pass overwrite with sdelete.exe. Download here:
                            https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
      -no-backup            Do not backup the existing snapshots, but overwrite
                            them instead.
      -clean-old-snaps CLEAN_OLD_SNAPS
                            Clean backups older than n days.

    display options:
      -user-status          Display whether or not the user is disabled
      -pwd-last-set         Shows pwdLastSet attribute for each account found
                            inside the NTDS.DIT database.
      -history              Dump NTLM hash history of the users.
      -v                    Enable verbose mode.

-snap
The -snap parameter will automatically snapshot Active Directory (using ntdsutil.exe) and dump the ntds.dit file as well as the SYSTEM registry hive, if you have the privileges (ntdsutil.exe must run elevated on a domain controller). You can dump these manually using any variety of methods or the ntdsutil.exe tool. Note that the resulting files contain the NTLM hash of every account in the domain, so handle and delete the snapshot as carefully as you would a domain controller backup (see -shred below).
If dumping manually, you can point to the files with -system path\to\SYSTEM and -ntds path\to\ntds.dit. This is useful if you want to audit old snapshots.

-check
This requires an API key from https://nebulous.nuid.io/#/register. Once you have that and have installed it with -init-key, you can check the hashes against the NuID API. If you have also specified -history, it will check each account's password history as well, to see whether a password the user previously used was compromised.

-user-status
Adds output indicating whether or not the account is Enabled or Disabled in Active Directory.

-pwd-last-set
Adds output indicating the date the account's password was last set. This can be useful for detecting violations of security policy by accounts whose passwords are not reset automatically under the GPO-defined maximum age, such as service accounts.

-history
Also audit or dump the account's stored password history.

-shred
Use a DoD 7-pass overwrite when wiping snapshots. This requires having sdelete.exe in your PATH. You can get it here: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
Just download it and place it in your %SYSTEMDRIVE%\Windows\System32\ directory, or add its location to the PATH environment variable.

-clean-old-snaps
Useful for cleaning up backups when setting this application to run from the Task Scheduler. The SYSTEM hive and .dit file can be rather large in bigger domains and take a good amount of disk space. If you use the Task Scheduler to make a daily audit, you can use this option like so: -clean-old-snaps 7 to only store one week's worth of snapshots.
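As an added example (not part of the nebulousAD project), the following PowerShell registers the daily audit described above as a scheduled task. The install path of nebulousAD.exe and the report directory are assumptions. Because -init-key stores the API key in the current user's environment, the task is registered to run as the same account that ran -init-key rather than as SYSTEM; that account also needs the rights ntdsutil.exe requires on the domain controller.

```powershell
# Added example, not project code. Run elevated on the domain controller.
# Assumed paths: nebulousAD.exe under C:\Program Files\NuID, reports under C:\NuID\reports.
$exe       = 'C:\Program Files\NuID\nebulousAD.exe'
$reportDir = 'C:\NuID\reports'
New-Item -ItemType Directory -Force -Path $reportDir | Out-Null

# Daily run: snapshot, check current + historical hashes, shred what -snap replaces,
# keep 7 days of snapshots, and write a date-stamped JSON report. The date is
# evaluated at run time, so the task is launched through powershell.exe.
$cmd = "& '$exe' -v -snap -check -history -user-status -pwd-last-set -shred -clean-old-snaps 7 " +
       "-json ('$reportDir\audit-{0:yyyyMMdd}.json' -f (Get-Date))"

$action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -Command `"$cmd`""
$trigger  = New-ScheduledTaskTrigger -Daily -At 02:00
# Large domains take a while to snapshot; allow two hours and catch up missed runs.
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 2) -StartWhenAvailable

# Run as the account that ran -init-key so the API key environment variable is visible.
$cred = Get-Credential -Message 'Account that ran nebulousAD -init-key (needs rights for ntdsutil.exe)'
Register-ScheduledTask -TaskName 'NuID Credential Audit' `
    -Action $action -Trigger $trigger -Settings $settings `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Highest -Force
```

Check the first run under the Task Scheduler history (or by confirming the report file appears) before relying on the schedule; a missing API key shows up as the tool failing to find it, exactly as when running interactively in a stale shell.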

-no-backup
If we find an old snapshot, we back it up to %SYSTEMDRIVE%\Program Files\NuID\snapshot-backups by default. This is because ntdsutil.exe requires an empty directory. If you want to disable this backup and just wipe the current snapshot instead, use this argument.