🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 SilentHound - Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

🕛 Zeit seit Veröffentlichung: 635 Tage, 22 Stunden 3 Minuten
📆 Veröffentlicht am: 01.08.2022 um 14:30 Uhr
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: kitploit.com

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security.

Installation

Using pipenv (recommended method)

sudo python3 -m pip install --user pipenv
git clone https://github.com/layer8secure/SilentHound.git
cd silenthound
pipenv install

This will create an isolated virtual environment with dependencies needed for the project. To use the project you can either open a shell in the virtualenv with pipenv shell or run commands directly with pipenv run.

From requirements.txt (legacy)

This method is not recommended because python-ldap can cause many dependency errors.

Install dependencies with pip:

python3 -m pip install -r requirements.txt
python3 silenthound.py -h

Usage

$ pipenv run python silenthound.py -h
usage: silenthound.py [-h] [-u USERNAME] [-p PASSWORD] [-o OUTPUT] [-g] [-n] [-k] TARGET domain

Quietly enumerate an Active Directory environment.

positional arguments:
  TARGET                Domain Controller IP
  domain                Dot (.) separated Domain name including both contexts e.g. ACME.com / HOME.local / htb.net

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        LDAP username - not the same as user principal name. E.g. Username: bob.dole might be 'bob
                        dole'
  -p PASSWORD, --password PASSWORD
                        LDAP passwo   rd - use single quotes 'password'
  -o OUTPUT, --output OUTPUT
                        Name for output files. Creates output files for hosts, users, domain admins, and descriptions
                        in the current working directory.
  -g, --groups          Display Group names with user members.
  -n, --org-unit        Display Organizational Units.
  -k, --keywords        Search for key words in LDAP objects.

About

A lightweight tool to quickly and quietly enumerate an Active Directory environment. The goal of this tool is to get a Lay of the Land whilst making as little noise on the network as possible. The tool will make one LDAP query that is used for parsing, and create a cache file to prevent further queries/noise on the network. If no credentials are passed it will attempt anonymous BIND.

Using the -o flag will result in output files for each section normally in stdout. The files created using all flags will be:

-rw-r--r--  1 kali  kali   122 Jun 30 11:37 BASENAME-descriptions.txt
-rw-r--r--  1 kali  kali    60 Jun 30 11:37 BASENAME-domain_admins.txt
-rw-r--r--  1 kali  kali  2620 Jun 30 11:37 BASENAME-groups.txt
-rw-r--r--  1 kali  kali    89 Jun 30 11:37 BASENAME-hosts.txt
-rw-r--r--  1 kali  kali  1940 Jun 30 11:37 BASENAME-keywords.txt
-rw-r--r--  1 kali  kali    66 Jun 30 11:37 BASENAME-org.txt
-rw-r--r--  1 kali  kali   529 Jun 30 11:37 BASENAME-users.txt