Ldap_Search - Tool To Perform Ldap Queries Too Enumerate Users, Groups, Too Computers From Windows Domains


LDAP_Search tin live on used to enumerate Users, Groups, as well as Computers on a Windows Domain. Authentication tin live on performed using traditional username as well as password, or NTLM hash. In addition, this tool has been modified to permit animate beingness force/password-spraying via LDAP. Ldap_Search makes role of Impackets python36 branch to perform the primary operations. (These are the guys that did the existent heavy lifting as well as deserve the credit!)

Installation
git clone --recursive https://github.com/m8r0wn/ldap_search cd ldap_search sudo chmod +x setup.sh sudo ./setup.sh

Usage
Enumerate all active users on a domain:
python3 ldap_search.py users -u user1 -p Password1 -d demo.local
Lookup a unmarried user as well as display champaign headings:
python3 ldap_search.py users -q AdminUser -u user1 -p Password1 -d demo.local
Enumerate all computers on a domain:
python3 ldap_search.py computers -u user1 -p Password1 -d demo.local
Search for cease of life systems on the domain:
python3 ldap_search.py computers -q eol -u user1 -p Password1 -d demo.local -s DC01.demo.local
Enumerate all groups on the domain:
python3 ldap_search.py groups -u user1 -p Password1 -d demo.local -s 192.168.1.1
Query grouping members:
python3 ldap_search.py groups -q "Domain Admins" -u user1 -p Password1 -d demo.local

Queries
Below are the inquiry options that tin live on specified using the "-q" argument:
User   active / [None] - All active users (Default)   all - All users, fifty-fifty disabled   [specific concern human relationship or email] - lookup user, ex. "m8r0wn"    grouping   [None] - All domain groups   [Specific grouping name] - lookup grouping members, ex. "Domain Admins"   estimator   [None] - All Domain Computers   eol - await for all cease of life systems on domain

Options
positional arguments:   lookup_type       Lookup Types: user, group, estimator  optional arguments:   -q QUERY          Specify user or grouping to inquiry or role eol.   -u USER           Single username   -U USER           Users.txt file   -p PASSWD         Single password   -P PASSWD         Password.txt file   -H HASH           Use Hash for Authentication   -d DOMAIN         Domain (Ex. demo.local)   -s SRV, -srv SRV  LDAP Server (optional)   -t TIMEOUT        Connection Timeout (Default: 4)   -v                Show Search Result Attribute Names   -vv               Show Failed Logins & Errors