A (partial) Python rewriting of PowerSploit's PowerView
get-objectowner. You can use this function to retrieve the owner of any Active Directory object.
_well_known_rids in ADObject. A (partial) list of well-known RIDs.
--hashes :deadbeefdeadbeefdeadbeef)
ldap3 special branch to work against hardened DCs. Thus, if the targeted DC enforces LDAP Signing and/or Channel Binding, please use this custom ldap3 version. S/O @CravateRouge
get-objectacl when used with --resolve-guid
get-netsmsa and get-netgmsa (by @pbalmelle)
get-adservices no longer exists, use get-netgmsa to retrieve gMSA
README for details)
get_adserviceaccount to work with Kerberos authentication
get-netdomaintrust no longer tries to interpret results
--full-data flag to get-netdomaintrust
--laps-passwords option to get-netcomputer to query only computers for which the user can read LAPS passwords (thanks @SAERXCIT).
allowed-to-authenticate in the right filter list for get-objectacl. This can be useful when Selective Authentication is set (see https://twitter.com/AlmondOffSec/status/1577958969523535873).
--pre-created option to get-netcomputer to return potentially vulnerable computer accounts (see https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/). Caution: This option is prone to false positives and negatives.
useraccountcontrol attribute is now returned when using the get-netgroupmember function. This can be useful to detect disabled admin accounts or accounts that are not allowed for delegation.
beautifulsoup4 instead of bs4 package (thanks @fabaff).
ms-Mcs-AdmPwdExpirationTime is now formatted as a timestamp.
get-netcomputer now returns all computer accounts, even those without dnshostname.
samaccounttype attribute is now formatted as a string.
get-netgroupmember now also returns computer accounts
README for details)
get-adserviceaccount functionality
--logging option to get different debug levels and messages
--json
--tls
find-gpocomputeradmin: there was a bug when setting the isgroup attribute in the GPOComputerAdmin object
get-domainpolicy: fixed a bug in SID resolving
get-objectacl: can be used to list ACLs on a domain object
get-netpso: lists Password Settings Objects (fine-grained password policies)
ADObject was simplified, both in its management by the code and its pretty-printing.
StringIO changed to BytesIO in GPO parsing functions
impacket, bs4, and lxml are needed
close() were changed to unbind() (due to the change of LDAP library)
get-netgroup when group names have parentheses (this will have to be done for other functions, and maybe at another place of the code)
get-netfileserver when file server attributes are absent
ldap3 library instead of impacket, since ldap3 is a "perfect" implementation of LDAP RFCs.
--attributes for certain get-* functions, thanks to @99red!
get-netsite is functioning again.