Skip to content

An Active Directory pwn collection written in shell script

Notifications You must be signed in to change notification settings

Shiva108/ADBasher

Repository files navigation

ADBasher

Under Development

Logo

An Active Directory penetration testing framework written in shell script.

This repo is a shell-script implementation of the "Active Directory pentesting mind map" found here: https://github.com/esidate/pentesting-active-directory and seen here:

Orange Pentesting AD

Version 0.4.0

  • Many scripts added
  • Userfriendliness improved with GPT

Version 0.1.1

  • "No credentials" part is "PoC" done.

Tested with:

  • PowerShell 7.2.1 (for linux)
  • zsh 5.8 (x86_64-debian-linux-gnu)
  • GNU bash, version 5.1.4(1)-release
  • Metasploit v6.2.22-dev
  • Parrot OS 5.1 (Electro Ara) x86_64 / 6.0.0-2parrot1-amd64
  • Kali Rolling (2022.3) x64 2022-08-08

Todo:

  • Pretty much everything!

The famous tree:

Will be updated...

*|-- 1 nocreds
*|   |-- 1 nocreds/ADnetscan.sh
*|   |-- 1 nocreds/ADpoison.sh
*|   |-- 1 nocreds/bannergrap.sh
*|   |-- 1 nocreds/Coercer
*|   |-- 1 nocreds/coerce.sh
*|   |-- 1 nocreds/findcertserv.sh
*|   |-- 1 nocreds/FindDCip.sh
*|   |-- 1 nocreds/kerbscan.sh
*|   |-- 1 nocreds/ldapenum.sh
*|   |-- 1 nocreds/nmapldap.sh
*|   |-- 1 nocreds/PetitPotam
*|   `-- 1 nocreds/smbscan.sh
*|-- 2 quick
*|   |-- 2 quick/CVE-2020-1472
*|   |-- 2 quick/eternalblue.sh
*|   |-- 2 quick/log4shell.sh
*|   |-- 2 quick/msfscripts
*|   |-- 2 quick/proxylogon.sh
*|   |-- 2 quick/proxyshell.sh
*|   |-- 2 quick/zerologon
*|   |-- 2 quick/zeroscanmsf.sh
*|   `-- 2 quick/zeroscan.sh
*|-- 3 nopass
*|   |-- 3 nopass/roast
*|   `-- 3 nopass/spray
*|-- 4 mitm
*|-- 5 knownvulns
*|-- 6 validcreds
*|   |-- 6 validcreds/enumAD.sh
*|   `-- 6 validcreds/rpccon.sh
*|-- 7 privesc
*|-- 8 weakADCSconfig
*|-- adenum.sh
*|-- install.sh
*|-- prep.sh
*|-- rainbow.sh
*|-- resources
*|   |-- resources/template.sh
*|   `-- resources/treemaker.sh
*`-- restartNM.sh

License

ADBasher is released under the Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).