Lazy Pentesting Active Directory
Lazy Pentesting Active Directory aka LazyPAD is a wrapper written in Bash for Linux tools that automate the process of Enumeration and vulnerability detection in an Active Directory.
Check the post Blog for more information about the Tool.
Start
Clone the repository and run LazyPAD.sh -h
git clone https://github.com/Snifer/LazyPentestingAD.git
Verify Tools installed
LazyPAD.sh -T
Null Session
LazyPAD.sh -i <IP-DC> -N
Enumerate Active Directory
LazyPAD.sh -u <USER-DOMAIN> -p <PASSWORD-DOMAIN> -d <DOMAIN-NAME> -i <IP-DC> -E
Vulnerability Active Directory
LazyPAD.sh -u <USER-DOMAIN> -p <PASSWORD-DOMAIN> -d <domain> -i <IP DC> -V
Generate Report
LazyPAD.sh -U <NEO4J-USER> -P <NEO4J-PASSWORD> -R
TODO:
- Complete implementation TOP 16 Activie Directory Vulnerability.
- Implement Password Cracking function.
- Complete the example of how to use the tool in the help menu.
- Start Neo4j and Bloodhound, to import the .json files from ldapdomaindump.
- Add installation and parameterization module.
- Symbolic link with the tools.
- Null Session --rid-brute.
- Configure notifications in Telegram, Slack, Discord.
- Add function to perform tests on network segments.
- Improve the Vulnerability detection module.
- Improve Markdown reporting.
- Improve the Null Session module.
- Add list tool used in the Script.
- Multilanguage support and autodetect OS language feature.
- Compatibility with many Linux distributions.
- Auto update function.
The main branch is the one that works correctly. If you want to see new functions implemented you can follow the dev branch.
Report bugs and Collaborate
- If you want to collaborate pull request, or Create Issue.