Active Directory assessment and privilege escalation script.
This script will do the following:
- Gather hashes via WPAD, LLMNR, and NBT-NS spoofing
- Check for GPP password (MS14-025)
- Gather hashes for accounts via Kerberoast
- Map out the domain and identify targets via BloodHound
- Check for privilege escalation methods
- Search for open SMB shares on the network
- Search those shares and other accessible directories for sensitive files and strings
- Check patches of systems on the network
- Search for file servers
- Search attached shares
- Gather the domain policy
This script requires access to Github, as it just pulls the scripts from Github and automates the collection process.