Hacking Tools

ADSpider : Advanced Real-Time Monitoring Of Active Directory Changes

Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.

Parameters

DC – domain controller FQDN.
Formatlist – output in list instead of table.
ExcludelastLogonTimestamp – exclude lastLogonTimestamp events from output
DumpAllObjects – dump all active directory before start. In case of changes It will show you all previous values. But in large domains use it on your own risk (time and resource consuming).
Short – in output will be only AttributeName, AttributeValue, LastOriginChangeTime and Explanation.
Output – create XML file with all output.
ExcludeObjectGUID – exclude Active Directory object with specific GUID.
Sleep – time interval between requests for USN number. By default – 30 seconds.
USN – specify started USN.
DisplayXML – display previous captured XML file.

How To Use

Prerequisites

PowerShell module for Active Directory

Domain Computer

Just run module in powershell session from domain user. For better performance use domain controller FQDN instead of IP address.

Import-module .\ADSpider.ps1
Invoke-ADSpider -DC DC01.domain.com

Non-Domain Computer

Start powershell session with domain user with runas. Check that domain controller accessible. For better performance use domain controller FQDN instead of IP address.

## From cmd or powershell
runas /netonly /u:domain.com\MyUser powershell
## From powershell
Import-module .\ADSpider.ps1
Invoke-ADSpider -DC DC01.domain.com
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: ADSpidercybersecurityinformationsecuritykalilinuxkalilinuxtools
7 months ago

Recent Posts

Tokio : Unleashing Asynchronous Power In Rust For Network Applications

Tokio is a high-performance, asynchronous runtime designed for the Rust programming language. It provides the…

19 hours ago

AntiCrack DotNet : Advanced Protection For .NET Assemblies

AntiCrack DotNet is a sophisticated .NET project designed to safeguard software by implementing advanced anti-debugging,…

19 hours ago

StoneKeeper C2 : A Research-Oriented Command-And-Control Framework For EDR Evasion

The StoneKeeper C2 is an experimental command-and-control (C2) framework designed for research purposes, focusing on…

19 hours ago

Biome : The Ultimate Toolchain For Web Development

Biome is a cutting-edge toolchain designed to simplify and enhance web development by combining powerful…

21 hours ago

The Silk Wasm : Revolutionizing HTML Smuggling Through WebAssembly

The Silk Wasm is a tool designed to obfuscate HTML smuggling techniques using WebAssembly (Wasm).…

23 hours ago

TokenSmith : A Versatile Tool For Entra ID Token Management

TokenSmith is a powerful tool designed to generate Entra ID access and refresh tokens, catering…

23 hours ago