From 820dca20fcee73c6f2dcc92ffeb43288799a9db5 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Mon, 15 May 2023 07:08:06 +0000 Subject: automatic import of python-activedirectoryenum --- .gitignore | 1 + python-activedirectoryenum.spec | 390 ++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 392 insertions(+) create mode 100644 python-activedirectoryenum.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..b68cd2d 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/ActiveDirectoryEnum-0.5.0.tar.gz diff --git a/python-activedirectoryenum.spec b/python-activedirectoryenum.spec new file mode 100644 index 0000000..7e316b3 --- /dev/null +++ b/python-activedirectoryenum.spec @@ -0,0 +1,390 @@ +%global _empty_manifest_terminate_build 0 +Name: python-ActiveDirectoryEnum +Version: 0.5.0 +Release: 1 +Summary: Enumerate Active Directory with standard vectors +License: MIT License +URL: https://github.com/CasperGN/ActiveDirectoryEnumeration +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/c4/6f/749bde7149555df102d7d14d3722d65cd445de8705c8e01080ba28a3e713/ActiveDirectoryEnum-0.5.0.tar.gz +BuildArch: noarch + +Requires: python3-cffi +Requires: python3-Click +Requires: python3-cryptography +Requires: python3-dnspython +Requires: python3-Flask +Requires: python3-future +Requires: python3-impacket +Requires: python3-itsdangerous +Requires: python3-Jinja2 +Requires: python3-ldap3 +Requires: python3-ldapdomaindump +Requires: python3-MarkupSafe +Requires: python3-progressbar +Requires: python3-pyasn1 +Requires: python3-pycparser +Requires: python3-pycryptodomex +Requires: python3-pyOpenSSL +Requires: python3-six +Requires: python3-termcolor +Requires: python3-Werkzeug +Requires: python3-bloodhound + +%description +[![GitHub stars](https://img.shields.io/github/stars/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/stargazers) [![GitHub forks](https://img.shields.io/github/forks/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/network) [![GitHub license](https://img.shields.io/github/license/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/blob/master/LICENSE) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_shield) [![Total alerts](https://img.shields.io/lgtm/alerts/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/context:python) + +[![Packaging status](https://repology.org/badge/vertical-allrepos/activedirectoryenum.svg)](https://repology.org/project/activedirectoryenum/versions) + +## ADE - ActiveDirectoryEnum +``` + python -m ade +usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run] + [--exploit EXPLOIT] + + ___ __ _ ____ _ __ ______ + / | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___ + / /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \ + / ___ / /__/ /_/ /| |/ / __/ /_/ / / / / __/ /__/ /_/ /_/ / / / /_/ / /___/ / / / /_/ / / / / / / + /_/ |_\___/\__/_/ |___/\___/_____/_/_/ \___/\___/\__/\____/_/ \__, /_____/_/ /_/\__,_/_/ /_/ /_/ + /____/ + +/*----------------------------------------------------------------------------------------------------------*/ + +optional arguments: + -h, --help show this help message and exit + --dc DC Hostname of the Domain Controller + -o OUT_FILE, --out-file OUT_FILE + Path to output file. If no path, CWD is assumed (default: None) + -u USER, --user USER Username of the domain user to query with. The username has to be domain name as `user@domain.org` + -s, --secure Try to estalish connection through LDAPS + -smb, --smb Force enumeration of SMB shares on all computer objects fetched + -kp, --kerberos_preauth + Attempt to gather users that does not require Kerberos preauthentication + -bh, --bloodhound Output data in the format expected by BloodHound + -spn Attempt to get all SPNs and perform Kerberoasting + -sysvol Search sysvol for GPOs with cpassword and decrypt it + --all Run all checks + --no-creds Start without credentials + --dry-run Don't execute a test but run as if. Used for testing params etc. + --exploit EXPLOIT Show path to PoC exploit code + +``` + +The new inclusion of imbedded exploits can yield results such as: +``` +... +[ WARN ] DC may be vulnerable to: [ cve-2020-1472 ] +... +``` + +To query an exploit do for PoC code: +``` +$ python -m ade --exploit cve-2020-1472 +Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472 +``` + +## Install + +Run installation through pip3: +``` +pip3 install ActiveDirectoryEnum +python -m ade +``` + +If you run BlackArch, ActiveDirectoryEnum is available through `pacman` as such: +``` +pacman -S activedirectoryenum +``` + +## Included attacks/vectors + +- [X] ASREPRoasting +- [X] Kerberoasting +- [X] Dump AD as BloodHound JSON files +- [X] Searching GPOs in SYSVOL for cpassword and decrypting +- [X] Run without creds and attempt to gather for further enumeration during the run +- [X] Sample exploits included: + - CVE-2020-1472 + +## Collaboration + +While this project is developed to fit my need, any collaboration is appriciated. Please feel free to fork the project, make changes according to the License agreements and make a Pull Request. +I only ask that: +- Keep equivilent naming standard as the base project +- Keep equivilent syntaxing +- Test your code +- Error handling is incorporated +- Document the feature - both in code but also for potential Wiki page + +## Thanks & Acknowledgements + +Big thanks to the creators of: +`Impacket` [@github](https://github.com/SecureAuthCorp/impacket) +`BloodHound` [@github](https://github.com/BloodHoundAD/BloodHound) +`BloodHound.py` [@github](https://github.com/fox-it/BloodHound.py) +`CVE-2020-1472` by Tom Tervoort of [Secura](https://github.com/SecuraBV/CVE-2020-1472) + +Without the above this wrapper was not possible. + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_large) + + + +%package -n python3-ActiveDirectoryEnum +Summary: Enumerate Active Directory with standard vectors +Provides: python-ActiveDirectoryEnum +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-ActiveDirectoryEnum +[![GitHub stars](https://img.shields.io/github/stars/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/stargazers) [![GitHub forks](https://img.shields.io/github/forks/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/network) [![GitHub license](https://img.shields.io/github/license/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/blob/master/LICENSE) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_shield) [![Total alerts](https://img.shields.io/lgtm/alerts/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/context:python) + +[![Packaging status](https://repology.org/badge/vertical-allrepos/activedirectoryenum.svg)](https://repology.org/project/activedirectoryenum/versions) + +## ADE - ActiveDirectoryEnum +``` + python -m ade +usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run] + [--exploit EXPLOIT] + + ___ __ _ ____ _ __ ______ + / | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___ + / /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \ + / ___ / /__/ /_/ /| |/ / __/ /_/ / / / / __/ /__/ /_/ /_/ / / / /_/ / /___/ / / / /_/ / / / / / / + /_/ |_\___/\__/_/ |___/\___/_____/_/_/ \___/\___/\__/\____/_/ \__, /_____/_/ /_/\__,_/_/ /_/ /_/ + /____/ + +/*----------------------------------------------------------------------------------------------------------*/ + +optional arguments: + -h, --help show this help message and exit + --dc DC Hostname of the Domain Controller + -o OUT_FILE, --out-file OUT_FILE + Path to output file. If no path, CWD is assumed (default: None) + -u USER, --user USER Username of the domain user to query with. The username has to be domain name as `user@domain.org` + -s, --secure Try to estalish connection through LDAPS + -smb, --smb Force enumeration of SMB shares on all computer objects fetched + -kp, --kerberos_preauth + Attempt to gather users that does not require Kerberos preauthentication + -bh, --bloodhound Output data in the format expected by BloodHound + -spn Attempt to get all SPNs and perform Kerberoasting + -sysvol Search sysvol for GPOs with cpassword and decrypt it + --all Run all checks + --no-creds Start without credentials + --dry-run Don't execute a test but run as if. Used for testing params etc. + --exploit EXPLOIT Show path to PoC exploit code + +``` + +The new inclusion of imbedded exploits can yield results such as: +``` +... +[ WARN ] DC may be vulnerable to: [ cve-2020-1472 ] +... +``` + +To query an exploit do for PoC code: +``` +$ python -m ade --exploit cve-2020-1472 +Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472 +``` + +## Install + +Run installation through pip3: +``` +pip3 install ActiveDirectoryEnum +python -m ade +``` + +If you run BlackArch, ActiveDirectoryEnum is available through `pacman` as such: +``` +pacman -S activedirectoryenum +``` + +## Included attacks/vectors + +- [X] ASREPRoasting +- [X] Kerberoasting +- [X] Dump AD as BloodHound JSON files +- [X] Searching GPOs in SYSVOL for cpassword and decrypting +- [X] Run without creds and attempt to gather for further enumeration during the run +- [X] Sample exploits included: + - CVE-2020-1472 + +## Collaboration + +While this project is developed to fit my need, any collaboration is appriciated. Please feel free to fork the project, make changes according to the License agreements and make a Pull Request. +I only ask that: +- Keep equivilent naming standard as the base project +- Keep equivilent syntaxing +- Test your code +- Error handling is incorporated +- Document the feature - both in code but also for potential Wiki page + +## Thanks & Acknowledgements + +Big thanks to the creators of: +`Impacket` [@github](https://github.com/SecureAuthCorp/impacket) +`BloodHound` [@github](https://github.com/BloodHoundAD/BloodHound) +`BloodHound.py` [@github](https://github.com/fox-it/BloodHound.py) +`CVE-2020-1472` by Tom Tervoort of [Secura](https://github.com/SecuraBV/CVE-2020-1472) + +Without the above this wrapper was not possible. + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_large) + + + +%package help +Summary: Development documents and examples for ActiveDirectoryEnum +Provides: python3-ActiveDirectoryEnum-doc +%description help +[![GitHub stars](https://img.shields.io/github/stars/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/stargazers) [![GitHub forks](https://img.shields.io/github/forks/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/network) [![GitHub license](https://img.shields.io/github/license/CasperGN/ActiveDirectoryEnumeration)](https://github.com/CasperGN/ActiveDirectoryEnumeration/blob/master/LICENSE) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_shield) [![Total alerts](https://img.shields.io/lgtm/alerts/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/CasperGN/ActiveDirectoryEnumeration.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CasperGN/ActiveDirectoryEnumeration/context:python) + +[![Packaging status](https://repology.org/badge/vertical-allrepos/activedirectoryenum.svg)](https://repology.org/project/activedirectoryenum/versions) + +## ADE - ActiveDirectoryEnum +``` + python -m ade +usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run] + [--exploit EXPLOIT] + + ___ __ _ ____ _ __ ______ + / | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___ + / /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \ + / ___ / /__/ /_/ /| |/ / __/ /_/ / / / / __/ /__/ /_/ /_/ / / / /_/ / /___/ / / / /_/ / / / / / / + /_/ |_\___/\__/_/ |___/\___/_____/_/_/ \___/\___/\__/\____/_/ \__, /_____/_/ /_/\__,_/_/ /_/ /_/ + /____/ + +/*----------------------------------------------------------------------------------------------------------*/ + +optional arguments: + -h, --help show this help message and exit + --dc DC Hostname of the Domain Controller + -o OUT_FILE, --out-file OUT_FILE + Path to output file. If no path, CWD is assumed (default: None) + -u USER, --user USER Username of the domain user to query with. The username has to be domain name as `user@domain.org` + -s, --secure Try to estalish connection through LDAPS + -smb, --smb Force enumeration of SMB shares on all computer objects fetched + -kp, --kerberos_preauth + Attempt to gather users that does not require Kerberos preauthentication + -bh, --bloodhound Output data in the format expected by BloodHound + -spn Attempt to get all SPNs and perform Kerberoasting + -sysvol Search sysvol for GPOs with cpassword and decrypt it + --all Run all checks + --no-creds Start without credentials + --dry-run Don't execute a test but run as if. Used for testing params etc. + --exploit EXPLOIT Show path to PoC exploit code + +``` + +The new inclusion of imbedded exploits can yield results such as: +``` +... +[ WARN ] DC may be vulnerable to: [ cve-2020-1472 ] +... +``` + +To query an exploit do for PoC code: +``` +$ python -m ade --exploit cve-2020-1472 +Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472 +``` + +## Install + +Run installation through pip3: +``` +pip3 install ActiveDirectoryEnum +python -m ade +``` + +If you run BlackArch, ActiveDirectoryEnum is available through `pacman` as such: +``` +pacman -S activedirectoryenum +``` + +## Included attacks/vectors + +- [X] ASREPRoasting +- [X] Kerberoasting +- [X] Dump AD as BloodHound JSON files +- [X] Searching GPOs in SYSVOL for cpassword and decrypting +- [X] Run without creds and attempt to gather for further enumeration during the run +- [X] Sample exploits included: + - CVE-2020-1472 + +## Collaboration + +While this project is developed to fit my need, any collaboration is appriciated. Please feel free to fork the project, make changes according to the License agreements and make a Pull Request. +I only ask that: +- Keep equivilent naming standard as the base project +- Keep equivilent syntaxing +- Test your code +- Error handling is incorporated +- Document the feature - both in code but also for potential Wiki page + +## Thanks & Acknowledgements + +Big thanks to the creators of: +`Impacket` [@github](https://github.com/SecureAuthCorp/impacket) +`BloodHound` [@github](https://github.com/BloodHoundAD/BloodHound) +`BloodHound.py` [@github](https://github.com/fox-it/BloodHound.py) +`CVE-2020-1472` by Tom Tervoort of [Secura](https://github.com/SecuraBV/CVE-2020-1472) + +Without the above this wrapper was not possible. + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FCasperGN%2FActiveDirectoryEnumeration?ref=badge_large) + + + +%prep +%autosetup -n ActiveDirectoryEnum-0.5.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-ActiveDirectoryEnum -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Mon May 15 2023 Python_Bot - 0.5.0-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..a4f2710 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +83bf795926e0b6d8d669b19d7ee9df61 ActiveDirectoryEnum-0.5.0.tar.gz -- cgit v1.2.3