A cross-platform tool to perform custom LDAP queries against a Windows domain, interactively or as one-off commands, with colored output and XLSX export.
- Authentications:
  - Authenticate with password
  - Authenticate with LM:NT hashes (Pass the Hash)
  - Authenticate with Kerberos (Pass the Ticket)
- LDAP and LDAPS
- Interactive mode
  - Colored results
  - Preset queries
  - Configurable search base and search scope
  - `diff` between the last two queries
- Non-interactive mode
  - Colored results
  - Exportable to XLSX format with option `--xlsx`

```
$ ./ldapconsole -h
ldapconsole - by Remi GASCOU (Podalirius) @ TheManticoreProject - v2.1.0

Usage: ldapconsole --domain <string> --username <string> [--password <string>] [--hashes <string>] [--debug] [--quiet] --dc-ip <string> [--ldap-port <tcp port>] [--use-ldaps] [--use-kerberos] [--query <string>] [--attribute <string>] [--xlsx <string>]

  Authentication:
    -d, --domain <string> Active Directory domain to authenticate to.
    -u, --username <string> User to authenticate as.
    -p, --password <string> Password to authenticate with. (default: "")
    -H, --hashes <string> NT/LM hashes, format is LMhash:NThash. (default: "")

  Configuration:
    --debug Debug mode. (default: false)
    --quiet Quiet mode, do not print the banner. (default: false)

  LDAP Connection Settings:
    -dc, --dc-ip <string> IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos.
    -lp, --ldap-port <tcp port> Port number to connect to LDAP server. (default: 389)
    -L, --use-ldaps Use LDAPS instead of LDAP. (default: false)
    -k, --use-kerberos Use Kerberos instead of NTLM. (default: false)

  Non-interactive query:
    -q, --query <string> LDAP query to perform. If set, ldapconsole runs in non-interactive mode. (default: "")
    -a, --attribute <string> Attributes to extract. Can be specified multiple times.
    -x, --xlsx <string> Output results of the query to an XLSX file. (default: "")
```

```
./ldapconsole -u 'user1' -p 'Admin123!' -d 'LAB.local' --dc-ip 192.168.2.1
```

Available console commands:

| Command | Description |
|---|---|
| `query` | Perform an LDAP query. Use `query <filter> [select <attr1> <attr2> ...]`. |
| `presetquery` | Run a builtin preset query (e.g. `all_users`, `all_kerberoastables`). |
| `rootdse` | Query the RootDSE of the server. |
| `searchbase` | Set the search base (a distinguishedName or a dotted FQDN). |
| `searchscope` | Set the search scope (`BASE`, `LEVEL` or `SUBTREE`). |
| `infos` | Print information about the remote LDAP server. |
| `diff` | Show the differences between the last two queries. |
| `help` | Display the help message. |
| `exit` | Exit ldapconsole. |

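
The obsolete-OS filter used in this page's non-interactive example can be generated from a list of version prefixes and checked against inventory values before it is run. The Go sketch here is an added example, not code from ldapconsole: `BuildPrefixFilter`, `MatchesPrefix`, `escapeFilterValue` and the sample `operatingSystem` values are hypothetical, and case-insensitive matching is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Prefixes taken from the obsolete-OS filter on this page, in the same order.
var ObsoletePrefixes = []string{"Windows 2000", "Windows Vista", "Windows XP",
	"Windows 7", "Windows 8", "Windows Server 200", "Windows Server 2012"}

// escapeFilterValue escapes the characters RFC 4515 reserves in filter values,
// so a literal '*' or ')' in a prefix cannot change the filter's structure.
func escapeFilterValue(v string) string {
	return strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`,
		"\x00", `\00`).Replace(v)
}

// BuildPrefixFilter returns (&(objectCategory=<category>)(|(<attr>=<prefix>*)...)).
func BuildPrefixFilter(category, attr string, prefixes []string) string {
	var b strings.Builder
	b.WriteString("(&(objectCategory=" + escapeFilterValue(category) + ")(|")
	for _, p := range prefixes {
		b.WriteString("(" + attr + "=" + escapeFilterValue(p) + "*)")
	}
	b.WriteString("))")
	return b.String()
}

// MatchesPrefix mimics the server-side test for "<prefix>*". Case-insensitive
// comparison is an assumption about how the directory matches operatingSystem.
func MatchesPrefix(value string, prefixes []string) bool {
	for _, p := range prefixes {
		if strings.HasPrefix(strings.ToLower(value), strings.ToLower(p)) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(BuildPrefixFilter("Computer", "operatingSystem", ObsoletePrefixes))
	// Constructed sample values, not taken from a real directory.
	for _, v := range []string{"Windows Server 2008 R2 Standard", "Windows 7 Professional",
		"Windows Server 2019 Standard", "Windows 10 Pro", "Windows Server® 2008 Standard"} {
		fmt.Printf("%-32s obsolete=%v\n", v, MatchesPrefix(v, ObsoletePrefixes))
	}
}
```

The last constructed value is spelled with a trademark symbol and is not matched by the `Windows Server 200` prefix, which shows how a prefix filter can miss spelling variants of the same OS.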
```
./ldapconsole -d LAB.local -u Administrator -p 'Admin123!' --dc-ip 10.0.0.101 \
  -q '(&(objectCategory=Computer)(|(operatingSystem=Windows 2000*)(operatingSystem=Windows Vista*)(operatingSystem=Windows XP*)(operatingSystem=Windows 7*)(operatingSystem=Windows 8*)(operatingSystem=Windows Server 200*)(operatingSystem=Windows Server 2012*)))' \
  -a 'operatingSystem' -a 'operatingSystemVersion' -x ComputersWithObsoleteOSes.xlsx
```

```
go build -ldflags="-s -w" -o ldapconsole
```

Pull requests are welcome. Feel free to open an issue if you want to add other features.

- Podalirius for the creation of the original ldapconsole project in Python.
