AD-LDAP-Enum — LDAP Based Active Directory Enumeration

ad-ldap-enum is a Python script that was developed to discover users and their group memberships from Active Directory. In large Active Directory environments, tools such as NBTEnum were not performing fast enough. By executing LDAP queries against a domain controller, ad-ldap-enum is able to target specific Active Directory attributes and build out group membership quickly.

ad-ldap-enum outputs two tab delimited files ‘Domain Group Membership.txt’ and ‘Extended Domain User Information.txt’. The first file contains users, computers, groups, and their memberships. The second file contains users and extra informtion about the users from Active Directory (e.g. a user’s home folder or email address).

ad-ldap-enum supports both authenticated and unauthenticated LDAP connections. Additionally, ad-ldap-enum can process nested groups and display a user’s actual group membership.

Requirements for Active Directory Enumeration

The package python-ldap is required for the script to execute. This can be installed with the following command:

pip install python-ldap

[adsense size='1']

Usage

ad-ldap-enum.py [-h] -l LDAP_SERVER -d DOMAIN [-e] [-n] [-u USERNAME] [-p PASSWORD] [-v]

Active Directory LDAP Enumerator

optional arguments:
  -h, --help                            show this help message and exit
  -v, --verbose                         Display Debugging Information

Server Parameters:
  -l LDAP_SERVER, --server LDAP_SERVER  LDAP Server
  -d DOMAIN, --domain DOMAIN            Fully Qualified Domain Name
  -e, --nested                          Expand Nested Groups

Authentication Parameters:
  -n, --null                            Use Null Authentication
  -u USERNAME, --username USERNAME      Username
  -p PASSWORD, --password PASSWORD      Password

Source && Download

https://github.com/CroweCybersecurity/ad-ldap-enum