msLDAPDump
LDAP enumeration tool implemented in Python3.
msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently.
Users can bind to LDAP utilizing valid user account credentials or a valid NTLM hash. Using credentials will obtain the same information as the anonymously binded request, as well as checking for the following:
- Subnet scan for systems with ports 389 and 636 open
- Basic Domain Info (current user permissions, domain SID, password policy, machine account quota)
- Users
- Groups
- Kerberoastable Accounts
- ASREPRoastable Accounts
- Constrained Delegation
- Unconstrained Delegation
- Computer Accounts - will also attempt DNS lookups on the hostname to identify IP addresses
- Identify Domain Controllers
- Identify Servers
- Identify Deprecated Operating Systems
- Identify MSSQL Servers
- Identify Exchange Servers
- Group Policy Objects (GPO)
- Passwords in User description fields
Each check outputs the raw contents to a text file, and an abbreviated, cleaner version of the results in the terminal environment. The results in the terminal are pulled from the individual text files.