DC Sonar: Analyzing AD domains for security risks related to user accounts

Architecture

For the visual descriptions, open the diagram files using the diagrams.net tool.

The app consists of:

• The dc-sonar-frontend is the fronted part of the user web interface bases on:
  • Angular
  • Angular Material
• The dc-sonar-user-layer is the backend part of the web app bases on:
  • Python 3.10
  • Django
  • Django ORM
  • Django REST framework
  • Celery
  • RabbitMQ
  • PostgreSQL
• The dc-sonar-workers-layer is the logic layer that performs and runs analyzing processes which base on:
  • Python 3.10
  • SQLAlchemy
  • Alembic
  • APScheduler
  • RabbitMQ
  • PostgreSQL
• The ntlm-scrutinizer is the NTLM hashes performer with REST API based on:
  • Python 3.10
  • FastAPI
  • hashcat
  • impacket

Functionality

The DC Sonar Community provides functionality for analyzing AD domains for security risks related to accounts:

• Register analyzing AD domain in the app

  

• See the statuses of domain analyzing processes

  

• Dump and brute NTLM hashes from set AD domains to list accounts with weak and vulnerable passwords

  

• Analyze AD domain accounts to list ones with never expired passwords

  

• Analyze AD domain accounts by their NTLM password hashes to determine accounts and domains where passwords repeat

  

Install & Use

Copyright (c) 2022 https://github.com/ST1LLY