AD-AssesmentKit – Security Audits and Network Mapping Of Active Directory

January 14, 20242 min read


Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam.


Focuses on initial reconnaissance and vulnerability identification in AD domains, requiring only the domain name and Domain Controller IP address.

Key Features:

  • LDAP and Service Account Queries: Conducts LDAP searches targeting service accounts in the AD.
  • Kerberos Ticket Analysis: Uses Impacket’s tools for analyzing Kerberos ticket vulnerabilities and identifying accounts without pre-authentication
  • Comprehensive Kerberos and SMB Enumeration: Employs SilentHound and Enum4linux-ng for Kerberos auditing and detailed SMB, user, and system information scanning.
  • Enumeration Techniques: Implements RID brute-force and NetExec SMB enumeration for discovering user accounts, groups, and security policies.
  • Exploitation of Windows Services: Executes Zerologon and PetitPotam attacks to target known vulnerabilities.
  • Execution Summary and Actionable Guidance: Completes with a success message and provides insights for further actions, such as hash cracking.


AProvides in-depth security assessment and penetration testing, requiring domain, Domain Controller IP, and user credentials for a more thorough analysis.

Key Features:

  • Credential-Based Targeting: Uses user-provided credentials for a more thorough analysis.
  • Kerberos Auditing and Extensive SMB Enumeration: Combines SilentHound and multiple NetExec commands for a deeper level of SMB and security analysis.
  • Network and AD Comprehensive Scanning: Utilizes CrackMapExec for an extensive view of the network, including computer listings, local groups, and NTDS extraction.Testing Against Major Vulnerabilities: Incorporates exploitation of significant
  • Testing Against Major Vulnerabilities: Incorporates exploitation of significant vulnerabilities like Zerologon, PetitPotam, and NoPAC.
  • BloodHound Integration and RDP Enablement: Facilitates AD data collection for BloodHound analysis and enables Remote Desktop Protocol.
  • Diverse Command Execution and Data Retrieval: Performs a range of system commands and retrieves the SAM database for in-depth credential analysis.
  • Detailed Execution Overview: Concludes with a summary of successful execution, signifying the completion of a comprehensive scanning and enumeration process.

π—œπ—‘π—¦π—§π—”π—Ÿπ—Ÿπ—”π—§π—œπ—’π—‘ π—œπ—‘π—¦π—§π—₯π—¨π—–π—§π—œπ—’π—‘π—¦

  $ git clone https://github.com/emrekybs/AD-AssessmentKit.git
  $ cd AD-AssessmentKit
  $ chmod +x * && bash install.sh

How do you vote?

0 People voted this article. 0 Upvotes - 0 Downvotes.

What do you think?

Show comments / Leave a comment

Leave a reply