Quietly enumerate an Active Directory Domain via LDAP, parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security.
Installation
Using pipenv (recommended method)
sudo python3 -m pip install --user pipenv
git clone https://github.com/layer8secure/SilentHound.git
cd SilentHound
pipenv install
This will create an isolated virtual environment with the dependencies needed for the project. To use the project you can either open a shell in the virtualenv with pipenv shell or run commands directly with pipenv run.
From requirements.txt (legacy)
This method is not recommended because python-ldap can cause many dependency errors.
Install dependencies with pip:
python3 -m pip install -r requirements.txt
python3 silenthound.py -h
Usage
$ pipenv run python silenthound.py -h
usage: silenthound.py [-h] [-u USERNAME] [-p PASSWORD] [-o OUTPUT] [-g] [-n] [-k] TARGET domain

Quietly enumerate an Active Directory environment.

positional arguments:
  TARGET                Domain Controller IP
  domain                Dot (.) separated Domain name including both contexts e.g. ACME.com / HOME.local / htb.net

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        LDAP username - not the same as user principal name. E.g. Username: bob.dole might be 'bob
                        dole'
  -p PASSWORD, --password PASSWORD
                        LDAP password - use single quotes 'password'
  -o OUTPUT, --output OUTPUT
                        Name for output files. Creates output files for hosts, users, domain admins, and descriptions
                        in the current working directory.
  -g, --groups          Display Group names with user members.
  -n, --org-unit        Display Organizational Units.
  -k, --keywords        Search for key words in LDAP objects.
About
A lightweight tool to quickly and quietly enumerate an Active Directory environment. The goal of this tool is to get a Lay of the Land whilst making as little noise on the network as possible. The tool will make one LDAP query that is used for parsing, and create a cache file to prevent further queries/noise on the network. If no credentials are passed it will attempt anonymous BIND.
Using the -o flag will result in output files for each section normally in stdout. The files created using all flags will be:
-rw-r--r-- 1 kali kali 122 Jun 30 11:37 BASENAME-descriptions.txt
-rw-r--r-- 1 kali kali 60 Jun 30 11:37 BASENAME-domain_admins.txt
-rw-r--r-- 1 kali kali 2620 Jun 30 11:37 BASENAME-groups.txt
-rw-r--r-- 1 kali kali 89 Jun 30 11:37 BASENAME-hosts.txt
-rw-r--r-- 1 kali kali 1940 Jun 30 11:37 BASENAME-keywords.txt
-rw-r--r-- 1 kali kali 66 Jun 30 11:37 BASENAME-org.txt
-rw-r--r-- 1 kali kali 529 Jun 30 11:37 BASENAME-users.txt
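From the defender's side, the behaviour described in this About section (a single LDAP query over the whole directory, with an anonymous bind when no credentials are given) leaves a recognisable shape in LDAP search records. The following is an added example, not SilentHound code: the record fields, the match-all filter list, the 500-entry threshold and the sample records are all assumptions constructed for illustration, and the DN check splits on commas without handling escaped commas.

```python
# Added example (not SilentHound code): flag bulk directory reads in LDAP search records.
# Record fields, filter list and threshold are assumptions; the data is constructed.
from collections import defaultdict
SAMPLE_RECORDS = [  # constructed sample records, not real log output
    {"client": "10.0.0.15", "bind": "ACME\\svc_app", "base": "OU=Apps,DC=acme,DC=com",
     "scope": "subtree", "filter": "(sAMAccountName=jdoe)", "returned": 1},
    {"client": "10.0.0.15", "bind": "ACME\\svc_app", "base": "DC=acme,DC=com",
     "scope": "subtree", "filter": "(&(objectClass=user)(mail=*))", "returned": 40},
    {"client": "10.0.0.77", "bind": "", "base": "DC=acme,DC=com",
     "scope": "subtree", "filter": "(objectClass=*)", "returned": 3120},
    {"client": "10.0.0.90", "bind": "ACME\\backup", "base": "DC=acme,DC=com",
     "scope": "subtree", "filter": "(objectClass=*)", "returned": 3120},
    {"client": "10.0.0.90", "bind": "ACME\\backup", "base": "CN=Users,DC=acme,DC=com",
     "scope": "onelevel", "filter": "(cn=backup)", "returned": 1},
]
MATCH_ALL_FILTERS = {"(objectclass=*)", "(objectcategory=*)"}

def is_domain_root(base):
    """True when the search base has only DC= components, i.e. the whole domain."""
    parts = [p.strip().lower() for p in base.split(",") if p.strip()]
    return bool(parts) and all(p.startswith("dc=") for p in parts)

def is_bulk_read(rec, min_returned=500):
    """Subtree search from the domain root that matches (nearly) everything."""
    match_all = rec["filter"].replace(" ", "").lower() in MATCH_ALL_FILTERS
    return (rec["scope"] == "subtree" and is_domain_root(rec["base"])
            and (match_all or rec["returned"] >= min_returned))

def find_bulk_readers(records, min_returned=500):
    """Return {client: [reasons]} for clients that pulled the directory in bulk."""
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec["client"]].append(rec)
    findings = {}
    for client, recs in by_client.items():
        bulk = [r for r in recs if is_bulk_read(r, min_returned)]
        if not bulk:
            continue
        reasons = ["domain-root subtree read, %d entries" % max(r["returned"] for r in bulk)]
        if any(r["bind"] == "" for r in bulk):
            reasons.append("anonymous bind")
        if len(recs) == len(bulk):
            reasons.append("no follow-up queries from this client")
        findings[client] = reasons
    return findings

if __name__ == "__main__":
    for client, reasons in find_bulk_readers(SAMPLE_RECORDS).items():
        print(client, "->", "; ".join(reasons))
```

A client that reads the whole directory once and then goes silent is the pattern to triage first; a backup or sync account that also issues narrow follow-up queries gets only the first reason.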
Author
Roadmap
- Parse users belonging to specific OUs
- Refine output
- Continuously clean up code
- Move towards OOP
For additional feature requests please submit an issue and add the enhancement tag.