Movatterモバイル変換

p0dalirius/LDAPmonitorPublic

NotificationsYou must be signed in to change notification settings
Fork75
Star890

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

podalirius.net/

License

GPL-3.0 license

890 stars 75 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 58 Commits
.github		.github
csharp		csharp
powershell		powershell
python		python
.gitignore		.gitignore
LICENCE		LICENCE
README.md		README.md

Repository files navigation

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.

Features

Feature	Python (.py)	CSharp (.exe)	Powershell (.ps1)
LDAPS support	✔️	✔️	✔️
Random delay in seconds between queries	✔️	✔️	✔️
Custom delay in seconds between queries	✔️	✔️	✔️
Save output to logfile	✔️	✔️	✔️
Colored or not colored output with`--no-colors`	✔️	❌	❌
Custom page size for paged queries	✔️	✔️	✔️
Authenticate with user and password	✔️	✔️	✔️
Authenticate as current shell user	❌	✔️	✔️
Authenticate with LM:NT hashes	✔️	❌	❌
Authenticate with kerberos tickets	✔️	❌	❌
Option to ignore user logon events	✔️	✔️	✔️
Custom search base	✔️	✔️	✔️
Iterate over all naming contexts	✔️	✔️	✔️

Typical use cases

Here is a few use cases where this tool can be useful:

Detect account lockout in real time
Check if your privilege escalation worked (with ntlmrelay's--escalate-user option)
Detect when users are login in to know when to start a network poisoning.

Cross platform !

Demonstration

ldapmonitor_demo.mp4

Limitations

LDAP paged queries returnspageSize results per page, and it takes approximately 1 second to query a page. Therefore your monitoring refresh rate is(number of LDAP objects // pageSize) seconds. On most domain controllerspageSize = 5000.

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

About

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

podalirius.net/

Releases4

1.4 Latest

Jan 12, 2023

+ 3 releases

Sponsor this project

patreon.com/Podalirius

Learn more about GitHub Sponsors

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

License

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Features

Typical use cases

Cross platform !

In Python (.py)

In CSharp (.exe)

In Powershell (.ps1)

Demonstration

Limitations

Contributing

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases4

Sponsor this project

Uh oh!

Uh oh!

Contributors6

Uh oh!

Languages

Movatterモバイル変換

Uh oh!

License

p0dalirius/LDAPmonitor

Folders and files

Latest commit

History

Repository files navigation

Features

Typical use cases

Cross platform !

In Python (.py)

In CSharp (.exe)

In Powershell (.ps1)

Demonstration

Limitations

Contributing

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases4

Sponsor this project

Uh oh!

Uh oh!

Contributors6

Uh oh!

Languages