reddit hackernews mail facebook facebook linkedin


Anonymously bruteforce Active Directory usernames by abusing LDAP Ping requests.

- Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FQDN DNS suffix
- Reads usernames to test from stdin (default) or file
- Outputs to stdout (default) or file
- Parallelized, multiple connections to multiple servers (defaults to 8 servers, 8 connections per server)
- Shows progressbar if you're using both input and output files
- Evasive maneuvers: Use --throttle 20 for a 20ms delay between each request (slows everything down to a crawl)
- Evasive maneuvers: Use --maxrequests 1000 to close connection and reconnect after 1000 requests in each connection (try to avoid detection based on traffic volume)