Enumeration & Discovery โ From Kali
Quick Reference Technique Tool Requires Creds AD port scan nmap No DNS SRV enumeration dig / nslookup No LDAP anonymous bind ldapsearch No Full LDAP dump ldapdomaindump No / Yes SMB/User enumeration enum4linux-ng No / Yes AD enumeration swiss-knife NetExec (nxc) No / Yes Attack path mapping bloodhound-python Yes Kerberos user enum Kerbrute No User / SID enumeration lookupsid.py, GetADUsers.py No / Yes RPC enumeration rpcclient No / Yes LDAP attribute queries windapsearch Yes Share content discovery nxc spider_plus Yes adminCount / SPN / UAC flags ldapsearch Yes Environment Setup Before attacking an AD environment from Kali, configure your local resolver and Kerberos client so tools resolve domain names correctly. ...