Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
No Windows audit logs are generated. High speed: up to ~10K usernames tested per second.
go install github.com/lkarlslund/ldapnomnom@latest
ldapnomnom [--server ipaddress] [--port number] [--tlsmode notls|tls|starttls] [--input filename] [--output filename [--progressbar]] [--parallel number-of-connections]
  -dnsdomain string
        Domain to connect to in DNS suffix format - will try autodetection if not supplied
  -ignorecert
        Disable certificate checks (default true)
  -input string
        File to read usernames from, uses stdin if not supplied
  -output string
        File to write detected usernames to, uses stdout if not supplied
  -parallel int
        How many connections to run in parallel (default 8)
  -port int
        LDAP port to connect to (389 or 636 typical) (default 389)
  -server string
        DC to connect to, use IP or full hostname - will try autodetection if not supplied
  -tlsmode string
        Transport mode (TLS, StartTLS, NoTLS) (default "NoTLS")
ldapnomnom --input 10m_usernames.txt --output results.txt --server 192.168.0.11 --parallel 16
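
Since this traffic leaves no Windows audit events, detection has to come from the network. The following is an added example, not part of ldapnomnom: it flags sources that send LDAP Ping searches (rootDSE base, Netlogon attribute, as defined in MS-ADTS) for many distinct User values in a short window. The JSON record layout, field names, IP addresses and thresholds are assumptions standing in for whatever your LDAP-decoding network sensor emits.

```python
import json
import re
from collections import defaultdict, deque

# Matches the User=<name> clause inside an LDAP Ping search filter.
USER_CLAUSE = re.compile(r"\(User=([^)]+)\)", re.IGNORECASE)

def is_ldap_ping(rec):
    """An LDAP Ping is a rootDSE (empty base DN) search asking for Netlogon."""
    attrs = [a.lower() for a in rec.get("attrs", [])]
    return rec.get("base", "") == "" and "netlogon" in attrs

def find_enumerators(lines, window_s=60, threshold=20):
    """Return {src_ip: peak count of distinct User values inside one window}
    for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, username)
    peak = defaultdict(int)
    for line in lines:
        rec = json.loads(line)
        m = USER_CLAUSE.search(rec.get("filter", ""))
        if not (is_ldap_ping(rec) and m):
            continue
        q = recent[rec["src"]]
        q.append((rec["ts"], m.group(1).lower()))
        while q and rec["ts"] - q[0][0] > window_s:
            q.popleft()   # drop probes that fell out of the sliding window
        peak[rec["src"]] = max(peak[rec["src"]], len({u for _, u in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

def sample_records():
    """Constructed sensor output: one noisy source and one normal client."""
    def rec(ts, src, user):
        flt = f"(&(NtVer=\\06\\00\\00\\00)(User={user}))"
        return json.dumps({"ts": ts, "src": src, "base": "",
                           "filter": flt, "attrs": ["NetLogon"]})
    out = [rec(i * 0.01, "10.0.0.50", f"user{i:04d}") for i in range(500)]
    # A workstation locating a DC repeats a single account name.
    out += [rec(i * 30.0, "10.0.0.21", "WS21$") for i in range(10)]
    # An ordinary directory search is not an LDAP Ping and must be ignored.
    out.append(json.dumps({"ts": 5.0, "src": "10.0.0.21", "filter": "(User=alice)",
                           "base": "DC=corp,DC=example", "attrs": ["cn"]}))
    return sorted(out, key=lambda l: json.loads(l)["ts"])

if __name__ == "__main__":
    for src, n in find_enumerators(sample_records()).items():
        print(f"{src}: {n} distinct usernames probed within one window")
```

Tune `window_s` and `threshold` against a baseline of your own DC locator traffic, where a client normally repeats one account name or sends no User clause at all.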