Credentialed Enumeration
Credentialed Enumeration - Linux
CrackMapExec
Domain User Enumeration
sudo crackmapexec smb <IP> -u forend -p Klmcargo2 --usersDomain Groups Enumeration
sudo crackmapexec smb <IP> -u forend -p Klmcargo2 --groupsDomain Logged On Users
sudo crackmapexec smb <IP> -u forend -p Klmcargo2 --loggedon-usersDomain Share Searching
sudo crackmapexec smb <IP> -u forend -p Klmcargo2 --shares
sudo crackmapexec smb <IP> -u forend -p Klmcargo2 -M spider_plus --share 'Department Shares'SMBMap
List Shares
Recursive List Shares
RPCclient
UserEnum by RID
WindapSearch
Search Domain Admins
Search Privileged Users
BloodHound-py
Enumerating Everything
Credentialed Enumeration - Windows
Active Directory PowerShell Module
Domain Info
Users Info
Trust Relations
Group Info
Detailed Group Info
Group Memebership
PowerView
Domain Information
Show Domain Controller
Show all Users
Show All Computers
Show all Groups
Showe specific OU objects in AD
Show Specific ACL's
Show members of a specific domain group
Show all GPO
Show User GPO Rights
Show Domain Policy
Show Local Groups
Show members of a specific local group
Show Domain Shares
Show machines on the local domain
Show Domain Trust
Show all forest trusts for the current forest or a specified forest
Show Trusts in all
Find Password In Users Description
Find Passwd_NOTREQ
DONT_REQ_PREAUTH
Snaffler
https://github.com/SnaffCon/Snaffler
Help us acquire credentials or other sensitive data in an Active Directory environment. Snaffler works by obtaining a list of hosts within the domain and then enumerating those hosts for shares and readable directories.
Credentialed Enumeration With Built-In Tools
Basic Enumeration Commands
PowerShell Enumeration Commands
Net Commands
Last updated