ADReaper
is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds
You can download precompiled executable binaries for Windows/Linux from latest releases.
To build from source, clone the repo and build it with GO
git clone https://github.com/AidenPearce369/ADReaper
cd ADReaper/
go build
./ADReaper
-command string
Command to run
users - to list all users
user-logs - to list user session activities
never-loggedon - to list users never logged on
groups - to list all groups with members
computers - to list all computers
dc - to list domain controllers
gpo - to list group policy objects
spn - to list service principal objects
admin-priv - to list AD objects with admin privilege
domain-trust - to list domain trust
ou - to list organizational units
ms-sql - to list MS-SQL servers
-dc string
Enter the DC
-password string
Enter the Password
-user string
Enter the Username
$ ./ADReaper -command dc -dc SRV2019.offsec.nl -password Welkom1234 -user johndo@offsec.nl
+--------------------------------------------------------------------------------------------+
| DOMAIN CONTROLLERS |
+--------------------------------------------------------------------------------------------+
| Distinguished Name (DN) : CN=SRV2019,OU=Domain Controllers,DC=offsec,DC=nl |
| SAM Account Name : SRV2019$ |
| Common Name (CN) : SRV2019 |
| Logon Count : 99 |
| DNS Host Name : SRV2019.offsec.nl |
| Service Principal Name (SPN) : Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/SRV2019.offsec.nl |
| Operating System : Windows Server 2019 Standard |
| Operating System Version : 10.0 (17763) |
| UAC Flag : SERVER_TRUST_ACCOUNT,TRUSTED_FOR_DELEGATION |
| Object GUID : 6c808bd9-f8e4-4587-9e9d-539ff59b3346 |
| Object SID : S-1-5-21-3509477529-2169914037-1395257886-1000 |
+--------------------------------------------------------------------------------------------+
| Distinguished Name (DN) : CN=SRV2022,OU=Domain Controllers,DC=offsec,DC=nl |
| SAM Account Name : SRV2022$ |
| Common Name (CN) : SRV2022 |
| Logon Count : 34 |
| DNS Host Name : SRV2022.offsec.nl |
| Service Principal Name (SPN) : HOST/SRV2022.offsec.nl/OFFSEC |
| Operating System : Windows Server 2022 Standard |
| Operating System Version : 10.0 (20348) |
| UAC Flag : SERVER_TRUST_ACCOUNT,TRUSTED_FOR_DELEGATION |
| Object GUID : 492c1af5-48ab-4f3c-9bd0-cc1d658be070 |
| Object SID : S-1-5-21-3509477529-2169914037-1395257886-4188 |
+--------------------------------------------------------------------------------------------+
$ ./ADReaper -command computers -dc SRV2019.offsec.nl -password Welkom1234 -user johndo@offsec.nl
+--------------------------------------------------------------------------------------------------+
| COMPUTERS |
+--------------------------------------------------------------------------------------------------+
| Distinguished Name (DN) : CN=SRV2019,OU=Domain Controllers,DC=offsec,DC=nl |
| SAM Account Name : SRV2019$ |
| Common Name (CN) : SRV2019 |
| DNS Host Name : SRV2019.offsec.nl |
| Service Principal Name (SPN) : Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/SRV2019.offsec.nl |
| Operating System : Windows Server 2019 Standard |
| Operating System Version : 10.0 (17763) |
| UAC Flag : SERVER_TRUST_ACCOUNT,TRUSTED_FOR_DELEGATION |
| Object GUID : 6c808bd9-f8e4-4587-9e9d-539ff59b3346 |
| Object SID : S-1-5-21-3509477529-2169914037-1395257886-1000 |
+--------------------------------------------------------------------------------------------------+
| Distinguished Name (DN) : CN=FINWDBAS1000000,OU=OGC,OU=Stage,DC=offsec,DC=nl |
| SAM Account Name : FINWDBAS1000000$ |
| Common Name (CN) : FINWDBAS1000000 |
[...]
$ ./ADReaper -command users -dc SRV2019.offsec.nl -password Welkom1234 -user johndo@offsec.nl
+-------------------------+
| USERS |
+-------------------------+
| - Administrator |
| - Guest |
| - SRV2019$ |
| - krbtgt |
| - MARSHALL_FRANKS |
| - JAMES_VAUGHAN |
| - WARD_CONTRERAS |
| - EDDY_MILES |
| - ANDREW_VASQUEZ |
| - ULYSSES_COTE |
| - RICKIE_WEAVER |
| - SALLIE_SHANNON |
| - AUBREY_WISE |
| - MARCY_TANNER |
| - CHARLEY_KLEIN |
[...]