AD-AssessmentKit: comprehensive security audits and network mapping of AD environments

AD-AssessmentKit

These tools are ideal for network administrators and cybersecurity professionals seeking to assess and enhance the security posture of AD environments and network infrastructures.

AD-SecurityAudit.sh

It focuses on initial reconnaissance and vulnerability identification in AD domains, requiring only the domain name and Domain Controller IP address.

Key Features:

• LDAP and Service Account Queries: Conduct LDAP searches targeting service accounts in the AD.
• Kerberos Ticket Analysis: Uses Impacket’s tools for analyzing Kerberos ticket vulnerabilities and identifying accounts without pre-authentication
• Comprehensive Kerberos and SMB Enumeration: Employs SilentHound and Enum4linux-ng for Kerberos auditing and detailed SMB, user, and system information scanning.
• Enumeration Techniques: Implements RID brute-force and NetExec SMB enumeration for discovering user accounts, groups, and security policies.
• Exploitation of Windows Services: Executes Zerologon and PetitPotam attacks to target known vulnerabilities.
• Execution Summary and Actionable Guidance: Completes with a success message and provides insights for further actions, such as hash cracking.

AutoMapExec.sh

Provides in-depth security assessment and penetration testing, requiring domain, Domain Controller IP, and user credentials for a more thorough analysis.

Key Features:

• Credential-Based Targeting: Uses user-provided credentials for a more thorough analysis.
• Kerberos Auditing and Extensive SMB Enumeration: Combines SilentHound and multiple NetExec commands for a deeper level of SMB and security analysis.
• Network and AD Comprehensive Scanning: Utilizes CrackMapExec for an extensive network view, including computer listings, local groups, and NTDS extraction. Testing Against Major Vulnerabilities: Incorporates exploitation of significant
• Testing Against Major Vulnerabilities: Incorporates exploitation of significant vulnerabilities like Zerologon, PetitPotam, and NoPAC.
• BloodHound Integration and RDP Enablement: Facilitates AD data collection for BloodHound analysis and enables Remote Desktop Protocol.
• Diverse Command Execution and Data Retrieval: Performs a range of system commands and retrieves the SAM database for in-depth credential analysis.
• Detailed Execution Overview: Concludes with a summary of successful execution, signifying the completion of a comprehensive scanning and enumeration process.

Install

git clone https://github.com/emrekybs/AD-AssessmentKit.git && cd AD-AssessmentKit && chmod +x * && ./install.sh

Source: https://github.com/emrekybs/