

Advanced discovery of Privileged Accounts, includes Shadow Admins.

ACLight is a tool for discovering privileged accounts through advanced ACL analysis (objects' Access Control Lists, i.e. DACLs and their ACEs).
It includes the discovery of Shadow Admins in the scanned network.

The tool queries Active Directory (AD) for its objects' ACLs and then filters and analyzes the sensitive permissions of each one. The result is a list of the most privileged accounts in the network (from the advanced ACL perspective of the AD). You can run the scan with any regular user account; it does not need to be privileged because the scan only performs legitimate read-only LDAP queries against the AD.

ACLight2 is the new version of the ACLight scan. It is much quicker, has a new scan architecture and produces better results. It solves the scalability and performance issues of the previous version.

In addition, ACLight2 is built on a recursive scan and provides multi-layered privileged account analysis.
As a first step, the scan builds the first layer of privileged accounts: those accounts that have direct privileges over the domain's sensitive objects. As a second step, the tool scans the ACLs of the newly discovered layer-1 accounts and builds an optional second layer of privileged accounts, i.e. accounts that have privileges over the accounts from the first layer. This second step is recursive: the tool keeps scanning for further layers of privileged accounts until every chain of privileged accounts has been enumerated.
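The layered, recursive walk described above, as an added illustrative model in Python (not ACLight's own PowerShell code): the ACL data, the set of rights treated as sensitive and the list of built-in admin groups are constructed assumptions for the example, and "shadow admin" is simplified here to any discovered account that is not one of those built-in groups.

```python
"""Illustrative model of ACLight2's layered privileged-account discovery."""

# Rights treated as sensitive for this example (the real tool filters a
# broader ACE set; this subset is an assumption).
SENSITIVE_RIGHTS = {"GenericAll", "WriteDacl", "WriteOwner",
                    "DS-Replication-Get-Changes-All"}

# Well-known admin groups; anything else found in a layer is a "shadow admin"
# in this simplified model (assumption).
BUILTIN_PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample data: target object -> list of (trustee, right) ACEs.
SAMPLE_ACLS = {
    "DC=corp,DC=local": [("Domain Admins", "GenericAll"),
                         ("svc_backup", "DS-Replication-Get-Changes-All"),
                         ("Authenticated Users", "GenericRead")],
    "CN=AdminSDHolder,CN=System,DC=corp,DC=local": [("Domain Admins", "GenericAll")],
    "svc_backup": [("helpdesk_tier1", "WriteDacl"), ("Domain Admins", "GenericAll")],
    # Cycle back to svc_backup: must not loop forever.
    "helpdesk_tier1": [("contractor_jdoe", "GenericAll"), ("svc_backup", "WriteOwner")],
    "Domain Admins": [("Domain Admins", "WriteDacl")],
}
SENSITIVE_OBJECTS = ["DC=corp,DC=local",
                     "CN=AdminSDHolder,CN=System,DC=corp,DC=local"]


def sensitive_trustees(acls, target):
    """Trustees holding any sensitive right over `target`."""
    return {t for t, right in acls.get(target, []) if right in SENSITIVE_RIGHTS}


def discover_layers(acls, sensitive_objects, max_layers=10):
    """Layer 1: accounts with sensitive rights over the sensitive objects.
    Layer N: accounts with sensitive rights over layer N-1 accounts that were
    not found earlier. Stops when a layer adds nothing (or at max_layers)."""
    layers, known, targets = [], set(), set(sensitive_objects)
    while targets and len(layers) < max_layers:
        layer = set()
        for target in targets:
            layer |= sensitive_trustees(acls, target) - known
        if not layer:
            break
        layers.append(sorted(layer))
        known |= layer
        targets = layer  # recurse: next layer is whoever controls this one
    return layers


def shadow_admins(layers):
    """Discovered accounts that are not a well-known admin group."""
    return sorted({a for layer in layers for a in layer} - BUILTIN_PRIVILEGED)


if __name__ == "__main__":
    found = discover_layers(SAMPLE_ACLS, SENSITIVE_OBJECTS)
    for depth, layer in enumerate(found, start=1):
        print(f"layer {depth}: {layer}")
    print("shadow admins:", shadow_admins(found))
```

In the constructed data, `contractor_jdoe` only surfaces at layer 3 (control over `helpdesk_tier1`, which controls `svc_backup`, which can replicate the domain), which is exactly the kind of indirect chain a single-layer ACL review misses.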