Windapsearch

windapsearch is a Python script that enumerates users, groups and computers from a Windows domain through LDAP queries. By default, Windows domain controllers support basic LDAP operations on port 389/tcp. Any valid domain account, regardless of privileges, can perform LDAP queries against a domain controller for any AD-related information. Project page: https://github.com/ropnop/windapsearch

windapsearch.py -h

Windapsearch - Domain Admins


python3 windapsearch.py --dc-ip $DC_IP -u $USER@$DOMAIN -p $PASS --da

python3 windapsearch.py --dc-ip 172.16.5.5 -u forend@INLANEFREIGHT.LOCAL -p Klmcargo2 --da

Windapsearch - Privileged Users


python3 windapsearch.py --dc-ip $DC_IP -u $USER@$DOMAIN -p $PASS -PU
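
Because any valid account can run these queries, spotting them has to happen on the directory side. The following is an added example, not code from the original page or from the windapsearch project: it scans LDAP search records for recursive membership lookups against privileged groups. The record layout, the group list, the svc_inventory and jsmith accounts and the client addresses are constructed assumptions, as is the premise that the enumeration shows up as searches using the transitive-membership matching rule.

```python
import re
from collections import defaultdict

# LDAP_MATCHING_RULE_IN_CHAIN: resolves nested group membership server-side.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"
# Groups treated as privileged here (assumption; adjust to the domain).
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins", "administrators"}
MEMBEROF_RE = re.compile(
    r"memberof:" + re.escape(IN_CHAIN_OID) + r":=cn=([^,)]+)", re.IGNORECASE)

# Constructed sample records; field names are hypothetical, not a real log schema.
SAMPLE_RECORDS = [
    {"user": "forend@INLANEFREIGHT.LOCAL", "client": "172.16.5.225", "filter":
     "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=INLANEFREIGHT,DC=LOCAL))"},
    {"user": "forend@INLANEFREIGHT.LOCAL", "client": "172.16.5.225", "filter":
     "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=cn=Enterprise Admins,CN=Users,DC=INLANEFREIGHT,DC=LOCAL))"},
    {"user": "svc_inventory@INLANEFREIGHT.LOCAL", "client": "172.16.5.30", "filter":
     "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=INLANEFREIGHT,DC=LOCAL))"},
    {"user": "jsmith@INLANEFREIGHT.LOCAL", "client": "172.16.5.41", "filter":
     "(&(objectClass=user)(sAMAccountName=jsmith))"},
    {"user": "jsmith@INLANEFREIGHT.LOCAL", "client": "172.16.5.41", "filter":
     "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=HR Staff,OU=Groups,DC=INLANEFREIGHT,DC=LOCAL))"},
]

def find_privileged_enumeration(records, allowlist=frozenset()):
    """Map each non-allowlisted account to the privileged groups whose
    nested membership it searched for (sorted, lower-cased group names)."""
    allowed = {u.lower() for u in allowlist}
    hits = defaultdict(set)
    for rec in records:
        if rec["user"].lower() in allowed:
            continue  # e.g. an inventory or IAM service expected to run these lookups
        for group in MEMBEROF_RE.findall(rec["filter"]):
            name = group.strip().lower()
            if name in PRIVILEGED_GROUPS:
                hits[rec["user"]].add(name)
    return {user: sorted(groups) for user, groups in hits.items()}

if __name__ == "__main__":
    found = find_privileged_enumeration(SAMPLE_RECORDS, {"svc_inventory@INLANEFREIGHT.LOCAL"})
    for user, groups in found.items():
        print(f"{user} enumerated nested members of: {', '.join(groups)}")
```

An account that appears in the result without an operational reason to resolve privileged group membership is worth reviewing together with its client address and the time of the searches.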