ShadowHound is a set of PowerShell scripts for Active Directory enumeration without the need for introducing known-malicious binaries like SharpHound.
It leverages native PowerShell capabilities to minimize detection risks and offers two methods for data collection:
DirectorySearcher
.For more details and context, check out the blog post.
Get-ADObject
via ADWS).-SplitSearch
, -Recurse
, and -LetterSplitSearch
options.-Certificates
flag.DirectorySearcher
.-Certificates
flag.-Credential
parameter.# Basic usage
ShadowHound-ADM -OutputFilePath "C:\Results\ldap_output.txt"
# Specify a domain controller and custom LDAP filter
ShadowHound-ADM -Server "dc.domain.local" -OutputFilePath "C:\Results\ldap_output.txt" -LdapFilter "(objectClass=user)"
# Use alternate credentials
$cred = Get-Credential
ShadowHound-ADM -OutputFilePath "C:\Results\ldap_output.txt" -Credential $cred -SearchBase "DC=domain,DC=local"
# Basic usage
ShadowHound-DS -OutputFile "C:\Results\ldap_output.txt"
# Specify a domain controller
ShadowHound-DS -Server "dc.domain.local" -OutputFile "C:\Results\ldap_output.txt"
# Use a custom LDAP filter
ShadowHound-DS -OutputFile "C:\Results\ldap_output.txt" -LdapFilter "(objectClass=computer)"
For more information click here.
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…