windapsearch is a Python script that helps enumerate users, groups and computers from a Windows domain through LDAP queries. By default, Windows Domain Controllers support basic LDAP operations on port 389/tcp. With any valid domain account (regardless of privileges), it is possible to perform LDAP queries against a domain controller for any AD-related information.

python3 windapsearch.py -h

Windapsearch - Domain Admins

python3 windapsearch.py --dc-ip $DC_IP -u $USER@$DOMAIN -p $PASS --da

python3 windapsearch.py --dc-ip $DC_IP -u forend@INLANEFREIGHT.LOCAL -p Klmcargo2 --da

Windapsearch - Privileged Users

python3 windapsearch.py --dc-ip $DC_IP -u $USER@$DOMAIN -p $PASS -PU
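
When reviewing who holds a privileged group, nested groups matter: a user can gain Domain Admins rights through a group that is itself a member, and a direct member listing will not show them. The following is an added example (not windapsearch's code and not from the original page) that resolves nested membership offline from exported `member` data; the DNs and the `MEMBERS` table are constructed sample values, and it assumes every group appears as a key in that table.

```python
from collections import deque

# Constructed sample data (not from the page): group DN -> direct "member" DNs,
# in the shape an export of each group's member attribute would give.
# Assumption: every group is a key here; any DN that is not a key is a user.
MEMBERS = {
    "CN=Domain Admins,CN=Users,DC=example,DC=local": [
        "CN=alice,OU=Staff,DC=example,DC=local",
        "CN=Tier0 Ops,OU=Groups,DC=example,DC=local",
    ],
    "CN=Tier0 Ops,OU=Groups,DC=example,DC=local": [
        "CN=bob,OU=Staff,DC=example,DC=local",
        "CN=Backup Team,OU=Groups,DC=example,DC=local",
    ],
    "CN=Backup Team,OU=Groups,DC=example,DC=local": [
        "CN=svc_backup,OU=Service,DC=example,DC=local",
        # Circular nesting: must not cause an endless loop.
        "CN=Tier0 Ops,OU=Groups,DC=example,DC=local",
    ],
}


def effective_members(group_dn, members=MEMBERS):
    """Return {user_dn: list of groups leading to it}, resolving nesting."""
    result = {}
    lookup = {k.lower(): v for k, v in members.items()}  # DNs are case-insensitive
    seen = {group_dn.lower()}
    queue = deque([(group_dn, [group_dn])])
    while queue:
        current, path = queue.popleft()
        for dn in lookup.get(current.lower(), []):
            if dn.lower() in lookup:           # member is itself a group
                if dn.lower() not in seen:     # visit each group once
                    seen.add(dn.lower())
                    queue.append((dn, path + [dn]))
            else:
                result.setdefault(dn, path)    # BFS: first hit is the shortest path
    return result


def indirect_only(group_dn, members=MEMBERS):
    """Users that a direct member listing of the group would miss."""
    found = effective_members(group_dn, members)
    return sorted(dn for dn, path in found.items() if len(path) > 1)


if __name__ == "__main__":
    da = "CN=Domain Admins,CN=Users,DC=example,DC=local"
    for user, path in effective_members(da).items():
        print(user, "<-", " > ".join(p.split(",")[0] for p in path))
```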