linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump.
Git clone the repository and make the script executable
git clone https://github.com/lefayjey/linWinPwn
cd linWinPwn; chmod +x linWinPwn.sh
Install requirements on Kali machines using the install.sh
script
chmod +x install.sh
sudo ./install.sh
On non-Kali machines, run the install_nonkali.sh
script instead
chmod +x install_nonkali.sh
sudo ./install_nonkali.sh
If you’re having DNS issues or time sync errors, run the configure.sh
script with -d
for DNS update and -n
for NTP sync
WARNING: The script will update /etc/resolv.conf
chmod +x configure.sh
sudo ./configure.sh -t -d -n
The linWinPwn script contains 4 modules that can be used either separately or simultaneously.
Default (fastest): ad_enum,kerberos (Optional: run OPSEC safe checks only by using -O
)
./linWinPwn.sh -d -u -p -t -o
User modules: ad_enum,kerberos,scan_shares,vuln_checks,mssql_enum
./linWinPwn.sh -M user -d -u -p -t -o
All modules: ad_enum,kerberos,scan_shares,vuln_checks,mssql_enum,pwd_dump
./linWinPwn.sh -M all -d -u -p -t -o
Module ad_enum: Active Directory Enumeration
./linWinPwn.sh -M ad_enum -d -u -p -t -o
For each of the cases described, the linWinPwn script performs different checks as shown below.
Case 1: Unauthenticated
./linWinPwn.sh -M user -t
Case 2: Standard Account (using password, NTLM hash or Kerberos ticket)
./linWinPwn.sh -M user -d -u -p -t
Case 3: Administrator Account (using password, NTLM hash or Kerberos ticket)
-S
-S
./linWinPwn.sh -M all -d -u -p -t -S
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…