ADReaper is a tool developed in Golang with the purpose of quickly enumerating an Active Directory environment through LDAP queries. It provides several commands for conducting LDAP queries that target specific aspects of the Active Directory. This tool is particularly useful for efficiently gathering information about an Active Directory setup during security assessments, network analysis, or similar tasks.
Installation
The most recent editions of Windows and Linux have precompiled executable binaries for download. To install from source, take the following actions:
Usage
ADReaper performs enumeration with various commands that execute LDAP queries. The available commands and options are:
PS C:\Users\redteamer\Desktop\shared> .\ADReaper.exe
  -command string
        Command to run
                dc              - list domain controllers
                domain-trust    - list domain trust
                users           - list all users
                computers       - list all computers
                groups          - list all groups with members
                spn             - list service principal objects
                never-loggedon  - list users never logged on
                gpo             - list group policy objects
                ou              - list organizational units
                ms-sql          - list MS-SQL servers
                asreproast      - list AS-REP roastable accounts
                unconstrained   - list Unconstrained Delegated accounts
                admin-priv      - list AD objects with admin privilege
  -dc string
        Enter the DC
  -filter string
        Filters to use for users/groups/computers
                list            - lists all objects only
                full-data       - list all objects with properties
                membership      - lists all members from an object
        (default "list")
  -name string
        Pass object name of user/group/computer
  -password string
        Enter the Password
  -user string
        Enter the Username
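The asreproast, unconstrained and never-loggedon categories in the listing above correspond to account settings a defender can audit and fix ahead of an assessment. The following Go program is an added example, not code from ADReaper or from the original page: it checks the documented userAccountControl bits and the lastLogon attribute on exported account records. The Account type, the Findings function, the sample records and the mapping of flags to command names are assumptions made for illustration.

```go
package main

import "fmt"

// userAccountControl bits, as documented by Microsoft.
const (
	uacAccountDisable       = 0x00000002
	uacServerTrustAccount   = 0x00002000 // domain controller computer account
	uacTrustedForDelegation = 0x00080000 // unconstrained delegation
	uacDontRequirePreauth   = 0x00400000 // Kerberos pre-authentication disabled
)

// Account is a hypothetical record from a directory export.
type Account struct {
	Name      string
	UAC       uint32 // userAccountControl
	LastLogon int64  // lastLogon; 0 means no logon recorded on the DC queried
}

// Findings tags an enabled account with the matching category names from
// the help listing (the mapping is an assumption, not ADReaper's logic).
func Findings(a Account) []string {
	if a.UAC&uacAccountDisable != 0 {
		return nil // disabled accounts cannot authenticate
	}
	var out []string
	if a.UAC&uacDontRequirePreauth != 0 {
		out = append(out, "asreproast") // fix: require pre-authentication
	}
	// Domain controllers carry this flag by design, so exclude them.
	if a.UAC&uacTrustedForDelegation != 0 && a.UAC&uacServerTrustAccount == 0 {
		out = append(out, "unconstrained") // fix: move to constrained delegation
	}
	if a.LastLogon == 0 {
		out = append(out, "never-loggedon") // fix: disable or remove if unused
	}
	return out
}

func main() {
	// Constructed sample records, not real data.
	sample := []Account{
		{"svc-legacy", 0x200 | uacDontRequirePreauth, 0},
		{"WEB01$", 0x1000 | uacTrustedForDelegation, 133500000000000000},
		{"DC01$", uacServerTrustAccount | uacTrustedForDelegation, 133500000000000000},
	}
	for _, a := range sample {
		fmt.Printf("%-12s %v\n", a.Name, Findings(a))
	}
}
```

Because lastLogon is not replicated between domain controllers, a zero value should be confirmed against every DC before an account is treated as unused.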
Examples of commands
- To enumerate properties of the Domain Controller of the domain:
- To enumerate Trust Attributes of the domain:
- To list all Users from the domain:
- To list all Users with attributes from the domain: