ADReaper is a tool developed in Golang with the purpose of quickly enumerating an Active Directory environment through LDAP queries. It provides several commands for conducting LDAP queries that target specific aspects of the Active Directory. This tool is particularly useful for efficiently gathering information about an Active Directory setup during security assessments, network analysis, or similar tasks.
Usage and Features
Information Gathered:
- Forest, Domain, Trusts, Sites, Subnets
- Password Policies (Default and Fine Grained)
- Domain Controllers, SMB versions, SMB Signing support, FSMO roles
- Users and their attributes
- Service Principal Names (SPNs)
- Groups and memberships
- Organizational Units (OUs)
- Group Policy objects and gPLink details
- DNS Zones and Records
- Printers
- Computers and their attributes
- Password Attributes (Experimental)
- LAPS passwords (if implemented)
- BitLocker Recovery Keys (if implemented)
- ACLs (DACLs and SACLs) for various AD objects
- GPOReport (requires RSAT)
- Kerberoast (not included in the default collection method)
- Domain accounts used for service accounts (requires privileged account and not included in the default collection method)
Usage Prerequisites:
- .NET Framework 3.0 or later
- PowerShell 2.0 or later
- Optional: Microsoft Excel (for report generation)
- Optional: Remote Server Administration Tools (RSAT)
Installation
Clone the repository using Git or download the latest release.
Usage Examples
Run ADRecon on a domain member host:
Run ADRecon on a domain member host as a different user:
Run ADRecon on a non-member host using LDAP:
Report Generation
Generate the ADRecon-Report.xlsx based on ADRecon output(CSV Files):
When you run ADRecon, a folder will be created containing ADRecon-Report.xlsx and CSV files with the raw data.
