SilentHound: Quietly enumerate an Active Directory Domain

SilentHound

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security.

A lightweight tool to quickly and quietly enumerate an Active Directory environment. The goal of this tool is to get a Lay of the Land whilst making as little noise on the network as possible. The tool will make one LDAP query that is used for parsing, and create a cache file to prevent further queries/noise on the network. If no credentials are passed it will attempt anonymous BIND.

Install

Debian

Packages for building and testing

sudo apt-get install build-essential python3-dev python2.7-dev \
libldap2-dev libsasl2-dev slapd ldap-utils tox \
lcov valgrind

Using pipenv (recommended method)

sudo python3 -m pip install –user pipenv
git clone https://github.com/layer8secure/SilentHound.git
cd SilentHound
pipenv install

This will create an isolated virtual environment with dependencies needed for the project. To use the project you can either open a shell in the virtualenv with pipenv shell or run commands directly with pipenv run.

From requirements.txt (legacy)

⚠️ This method is not recommended because python-ldap can cause many dependency errors.

Install dependencies with pip:

python3 -m pip install -r requirements.txt
python3 silenthound.py -h

Use

Copyright (c) 2022 Layer 8 Security

Source: https://github.com/layer8secure/