Pentest User Interface (PentestUI) is an automated web interface with Django for some Active Directory enumeration methods and attacks.Also you can access again result to performed enumeration methods or attacks on Active Directory structure.
$ sudo apt-get update
<Postgresql Installation>
: https://www.postgresql.org/download/
$ sudo apt-get install python3-pip
$ sudo apt-get install libpq-dev
$ sudo pip3 install -r requirements.txt
$ sudo bash install.sh
$ sudo python3 manage.py runserver 0.0.0.0:8000
- SPN User Enumeration
List Service Principal Name (SPN) users in Active Directory domain structrue.
- Domain Admin user Enumeration
List users of admin authority in Active Directory domain structrue.
- DFS Enumeration
List Distributed File System Shares(DFS) Enumeration in Domain.
- DNS Zone Enumeration
Display DNS Zone in Domain structure.
- Sensitive Data Search
Search sensitive Data in Active Directory domain structure.
- DC Enumeration
List Domain Controllers(DC) in Active Directory domain structure.
- Pre-Auth users Enumeration
List Kerberos pre-authentication users in Active Directory domain structure.
-
As-Rep Roasting Attack
-
Password Spray Attack
-
Kerberoasting Attack
https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat
https://docs.microsoft.com/en-us/windows-server/networking/sdn/security/kerberos-with-spn
https://docs.microsoft.com/en-us/windows/win32/dfs/distributed-file-system-dfs-functions
https://ldap3.readthedocs.io/en/latest/tutorial_searches.html
https://enesergun.net/as-rep-roasting-saldirisi-saldiriyi-anlamak-ve-tespiti.html
https://github.com/SecureAuthCorp/impacket
https://ldap3.readthedocs.io/en/latest/