adPEAS v0.8.7 releases: automate Active Directory enumeration
adPEAS
adPEAS is a PowerShell tool that automates Active Directory enumeration. In fact, adPEAS is a wrapper around several other cool projects:
- PowerView
- Empire
- BloodHound
- and some of its own code
As said, adPEAS is a wrapper for other tools. They are almost all written in pure PowerShell, but some of them are included as compressed binary blobs or C# code.
adPEAS-Light is a version without BloodHound and vulnerability checks, so it is more likely that it will not be blocked by an AV solution.
How It Works
adPEAS can be run simply by starting the script via ‘invoke-adPEAS’ if it is started on a domain-joined computer. If the system you are running adPEAS from is not domain-joined, or you want to enumerate another domain, connect to a specific domain controller, use different credentials, or enumerate for credential exposure only, you can do so by using the defined parameters.
adPEAS Modules
adPEAS consists of the following enumeration modules:
- Domain – Searching for basic Active Directory information, like Domain Controllers, Sites and Subnets, Trusts, and DCSync rights
- CA – Searching for basic Enterprise Certificate Authority information, like CA Name, CA Server and Templates
- Creds – Searching for different kinds of credential exposure, like ASREPRoast, Kerberoasting, GroupPolicies, Netlogon scripts, LAPS, gMSA, certain account attributes, e.g. UnixPassword, etc.
- Delegation – Searching for delegation issues, like ‘Constrained Delegation’, ‘Unconstrained Delegation’ and ‘Resource-Based Unconstrained Delegation’, for computer and user accounts
- Accounts – Searching for highly privileged user accounts in predefined groups and for account issues, e.g. passwords that do not expire
- Computer – Enumerating Domain Controllers and Exchange servers; with the switch -Vulns it checks the systems for EternalBlue, BlueKeep, ZeroLogon, and critical Exchange vulnerabilities
- Bloodhound – Enumerating Active Directory with BloodHound
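For defenders reviewing their own directory, several of the conditions the Creds, Delegation and Accounts modules report are visible in two account attributes, userAccountControl and servicePrincipalName. The following is an added example, not adPEAS code or code from the original page; the function name Get-AccountFinding and the account records are constructed for illustration.

```powershell
# Added example, not adPEAS code. The account records below are constructed.
# Documented userAccountControl bit values.
$UacFindings = [ordered]@{
    'Password never expires'                  = 0x00010000  # DONT_EXPIRE_PASSWORD
    'Unconstrained delegation'                = 0x00080000  # TRUSTED_FOR_DELEGATION
    'Kerberos pre-auth not required (AS-REP)' = 0x00400000  # DONT_REQ_PREAUTH
}
$ServerTrustAccount = 0x2000   # SERVER_TRUST_ACCOUNT: the account is a domain controller
$AccountDisabled    = 0x0002   # ACCOUNTDISABLE

function Get-AccountFinding {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $Account)
    process {
        $uac      = [int]$Account.userAccountControl
        $isDc     = [bool]($uac -band $ServerTrustAccount)
        $findings = @()
        foreach ($name in $UacFindings.Keys) {
            if (-not ($uac -band $UacFindings[$name])) { continue }
            # Domain controllers carry TRUSTED_FOR_DELEGATION by default: not a finding.
            if ($isDc -and $name -eq 'Unconstrained delegation') { continue }
            $findings += $name
        }
        # A user (non-computer) account with an SPN is exposed to Kerberoasting,
        # so it needs a long random password or conversion to a gMSA.
        $isComputer = $Account.sAMAccountName.EndsWith('$')
        if ((-not $isComputer) -and $Account.servicePrincipalName) {
            $findings += 'User account with SPN (Kerberoastable)'
        }
        [pscustomobject]@{
            Account  = $Account.sAMAccountName
            Enabled  = -not ($uac -band $AccountDisabled)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample records (userAccountControl as stored in the directory).
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'svc-sql'; userAccountControl = 66048;   servicePrincipalName = 'MSSQLSvc/db01.example.test:1433' }
    [pscustomobject]@{ sAMAccountName = 'j.doe';   userAccountControl = 4194816; servicePrincipalName = $null }
    [pscustomobject]@{ sAMAccountName = 'DC01$';   userAccountControl = 532480;  servicePrincipalName = 'ldap/dc01.example.test' }
    [pscustomobject]@{ sAMAccountName = 'WEB01$';  userAccountControl = 528384;  servicePrincipalName = 'HOST/web01.example.test' }
)

# Show only accounts with at least one finding (DC01$ is filtered out).
$sample | Get-AccountFinding | Where-Object Findings | Format-Table -AutoSize
```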