• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • August
  • 10
  • ADRecon – Active Directory Recon

ADRecon – Active Directory Recon

August 10, 2019 Comments Off on ADRecon – Active Directory Recon

ADRecon provides a holistic picture of the current state of AD environment. This tool can be used by Blue Team, Purple Team, Red Team, System Administrators or just security professional to extract and combines various artifacts out of an AD environment.

The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis.

The tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It can also be an invaluable post-exploitation tool for a penetration tester.

The following modules included with the tool:

  • Forest
  • Domain
  • Trusts
  • Sites
  • Subnets
  • Default Password Policy
  • Fine Grained Password Policy (if implemented)
  • Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles
  • Users and their attributes
  • Service Principal Names (SPNs)
  • Groups and memberships
  • Organizational Units (OUs)
  • ACLs for the Domain, OUs, Root Containers and GroupPolicy objects
  • Group Policy Object details
  • DNS Zones and Records
  • Printers
  • Computers and their attributes
  • LAPS passwords (if implemented)
  • BitLocker Recovery Keys (if implemented)
  • GPOReport (requires RSAT).

Getting Started

These instructions will get you a copy of the tool up and running on your local machine.

Prerequisites

  • .NET Framework 3.0 or later (Windows 7 includes 3.0)
  • PowerShell 2.0 or later (Windows 7 includes 2.0)

Optional

  • Microsoft Excel (to generate the report)
  • Remote Server Administration Tools (RSAT):
    • Windows 10 (https://www.microsoft.com/en-au/download/details.aspx?id=45520)
    • Windows 7 (https://www.microsoft.com/en-au/download/details.aspx?id=7887)

Installing

If you have git installed, you can start by cloning the repository:

git clone https://github.com/sense-of-security/ADRecon.git

Otherwise, you can download a zip archive of the latest release. The intent is to always keep the master branch in a working state.

Usage

Examples

To run ADRecon on a domain member host.

PS C:\> .\ADRecon.ps1

To run ADRecon on a domain member host as a different user.

PS C:\>.\ADRecon.ps1 -DomainController <IP or FQDN> -Credential <domain\username>

To run ADRecon on a non-member host using LDAP.

PS C:\>.\ADRecon.ps1 -Protocol LDAP -DomainController <IP or FQDN> -Credential <domain\username>

To run ADRecon with specific modules on a non-member host with RSAT. (Default OutputType is STDOUT with -Collect parameter)

PS C:\>.\ADRecon.ps1 -Protocol ADWS -DomainController <IP or FQDN> -Credential <domain\username> -Collect Domain, DomainControllers

To generate the ADRecon-Report.xlsx based on ADRecon output (CSV Files).

PS C:\>.\ADRecon.ps1 -GenExcel C:\ADRecon-Report-<timestamp>

When you run ADRecon, a ADRecon-Report-<timestamp> folder will be created which will contain ADRecon-Report.xlsx and CSV-Folder with the raw files.

Parameters

-Protocol <String>
    Which protocol to use; ADWS (default) or LDAP

-DomainController <String>
    Domain Controller IP Address or Domain FQDN.

-Credential <PSCredential>
    Domain Credentials.

-GenExcel <String>
    Path for ADRecon output folder containing the CSV files to generate the ADRecon-Report.xlsx. Use it to generate the ADRecon-Report.xlsx when Microsoft Excel is not installed on the host used to run ADRecon.

-OutputDir <String>
    Path for ADRecon output folder to save the CSV/XML/JSON/HTML files and the ADRecon-Report.xlsx. (The folder specified will be created if it doesn't exist) (Default pwd)

-Collect <String>
    Which modules to run (Comma separated; e.g Forest,Domain. Default all except Kerberoast)
    Valid values include: Forest, Domain, Trusts, Sites, Subnets, PasswordPolicy, FineGrainedPasswordPolicy, DomainControllers, Users, UserSPNs, PasswordAttributes, Groups, GroupMembers, OUs, ACLs, GPOs, gPLinks, GPOReport, DNSZones, Printers, Computers, ComputerSPNs, LAPS, BitLocker, Kerberoast DomainAccountsusedforServiceLogon.

-OutputType <String>
    Output Type; Comma seperated; e.g CSV,STDOUT,Excel (Default STDOUT with -Collect parameter, else CSV and Excel).
    Valid values include: STDOUT, CSV, XML, JSON, HTML, Excel, All (excludes STDOUT).

-DormantTimeSpan <Int>
    Timespan for Dormant accounts. (Default 90 days)

-PassMaxAge <Int>
    Maximum machine account password age. (Default 30 days)

-PageSize <Int>
    The PageSize to set for the LDAP searcher object. (Default 200)

-Threads <Int>
    The number of threads to use during processing objects (Default 10)

-Log <Switch>
    Create ADRecon Log using Start-Transcript

You can download the latest release over here: https://github.com/sense-of-security/

Post navigation

PoshC2 – Powershell C2 Server and Implants
Keylogger Detector – Detects Stealth Keyloggers

Related Articles

DeTTecT – Detect Tactics, Techniques & Combat Threats

- Incident Response
October 15, 2019

DumpsterFire Toolset – Security Incidents In A Box!

- Incident Response
October 4, 2019

SysmonX – An Augmented Drop-In Replacement of Sysmon

- Incident Response
September 6, 2019
hacker gadgets
hacker phone covers

Recent Posts

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Winevt_Logs_Analysis – Searching .Evtx Logs For Remote Connections

February 5, 2023
NJ Man Attempted to Hire a Hitman on the Dark Web

NJ Man Attempted to Hire a Hitman on the Dark Web

February 5, 2023
PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

February 4, 2023
EAST - Extensible Azure Security Tool - Documentation

EAST – Extensible Azure Security Tool – Documentation

February 4, 2023
Dutchman Sold Counterfeit Banknotes on the Dark Web

Dutchman Sold Counterfeit Banknotes on the Dark Web

February 4, 2023
CVE-2023-22501: Critical Flaw in Atlassian Jira Service Management Server and Data Center

CVE-2023-22501: Critical Flaw in Atlassian Jira Service Management Server and Data Center

February 4, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW