A Golang programme called ADReaper was created to quickly renumber an Active Directory environment using LDAP queries. It enables a number of commands that carry out LDAP searches in relation to particular elements of the Active Directory.

ADReaper is a tool developed in Golang with the purpose of quickly enumerating an Active Directory environment through LDAP queries. It provides several commands for conducting LDAP queries that target specific aspects of the Active Directory. This tool is particularly useful for efficiently gathering information about an Active Directory setup during security assessments, network analysis, or similar tasks.


The most recent editions of Windows and Linux have precompiled executable binaries for download.To install from source, take the following actions:


ADReaper performs enumeration with various commands that execute LDAP queries. Examples of commands include:

PS C:\Users\redteamer\Desktop\shared> .\ADReaper.exe

 -command string

Command to run

          dc - list domain controllers

          domain-trust - list domain trust

          users - list all users

          computers - list all computers

          groups - list all group swith members

          spn - list service principal objects

          never-loggedon - list users never logged on

          gpo - list group policy objects

          ou - list organizational units

          ms-sql  - list MS-SQLservers

          asreproast - list AS-REP roastable accounts

          unconstrained  - list Unconstrained Delegated accounts

          admin-priv - list AD object swith admin privilege

-dc string

Enter the DC

-filter string

         Filters to use for users/groups/computers

         list - list sall objects only

         full-data -list all objects with properties

         membership -lists all members from an object


 -name string

Pass object name of user/group/computer

 -password string

Enter the Password

 -user string

Enter the Username

Examples of commands

  • To     enumerate properties of the Domain Controller of the domain:
  • To     enumerate Trust Attributes of the domain:
  • To     list all Users from the domain:
  • To     list all Users with attributes from the domain:

Table of Contents: