Kali Linux

EDD : Enumerate Domain Data

EDD (Enumerate Domain Data) is designed to be similar to Power View but in .NET. Power View is essentially the ultimate domain enumeration tool, and we wanted a .NET implementation that we worked on ourselves. This tool was largely put together by viewing implementations of different functionality across a wide range of existing projects and combining them into EDD.

Usage

To use EDD, you just need to call the application, provide the function that you want to run (listed below) and provide any optional/required parameters used by the function.

Functions

The following functions can be used with the -f flag to specify the data you want to enumerate/action you want to take.

Forest/Domain Information

getdomainsid – Returns the domain sid (by default current domain if no domain is provided)
getforest – returns the name of the current forest
getforestdomains – returns the name of all domains in the current forest
convertsidtoname – Converts a SID to the corresponding group or domain name (use the -u option for providing the SID value)
getadcsservers – Get a list of servers running AD CS within the current domain

Computer Information

getdomaincomputers – Get a list of all computers in the domain
getdomaincontrollers – Gets a list of all domain controllers
getdomainshares – Get a list of all accessible domain shares

User Information

getnetlocalgroupmember – Returns a list of all users in a local group on a remote system
getnetdomaingroupmember – Returns a list of all users in a domain group
getdomainuser – Retrieves info about specific user (name, description, SID, Domain Groups)
getnetsession – Returns a list of accounts with sessions on the targeted system
getnetloggedon – Returns a list of accounts logged into the targeted system
getuserswithspns – Returns a list of all domain accounts that have a SPN associated with them

Chained Information

finddomainprocess – Search for a specific process across all systems in the domain (requires admin access on remote systems)
finddomainuser – Searches the domain environment for a specified user or group and tries to find active sessions (default searches for Domain Admins)
findinterestingdomainsharefile – Searches the domain environment for all accessible shares. Once found, it parses all filenames for “interesting” strings
findwritableshares – Enumerates all shares in the domain and then checks to see if the current account can create a text file in the root level share, and one level deep.

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

4 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago