{"id":13169,"date":"2021-06-04T11:13:43","date_gmt":"2021-06-04T05:43:43","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=13169"},"modified":"2021-06-04T11:13:43","modified_gmt":"2021-06-04T05:43:43","slug":"msldap","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/msldap\/","title":{"rendered":"Msldap : LDAP Library For Auditing MS AD"},"content":{"rendered":"\n<p><strong>Msldap <\/strong>is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Features<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Comes with a built-in console LDAP client<\/li><li>All parameters can be conrolled via a conveinent URL (see below)<\/li><li>Supports integrated windows authentication (SSPI) both with NTLM and with KERBEROS<\/li><li>Supports channel binding (for ntlm and kerberos not SSPI)<\/li><li>Supports encryption (for NTLM\/KERBEROS\/SSPI)<\/li><li>Supports LDAPS (TODO: actually verify certificate)<\/li><li>Supports SOCKS5 proxy withot the need of extra proxifyer<\/li><li>Minimal footprint<\/li><li>A lot of pre-built queries for convenient information polling<\/li><li>Easy to integrate to your project<\/li><li>No testing suite<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Installation<\/strong><\/p>\n\n\n\n<p>Via GIT<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>python3 setup.py install<\/strong><\/p>\n\n\n\n<p>OR<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>pip install msldap<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><code><strong>winsspi<\/strong><\/code>&nbsp;module. For windows only. This supports SSPI based authentication.<\/li><li><code><strong>asn1crypto<\/strong><\/code>&nbsp;module. Some LDAP queries incorporate ASN1 strucutres to be sent on top of the ASN1 transport XD<\/li><li><code><strong>asysocks<\/strong><\/code>&nbsp;module. To support socks proxying.<\/li><li><code><strong>aiocmd<\/strong><\/code>&nbsp;For the interactive client<\/li><li><code><strong>asciitree<\/strong><\/code>&nbsp;For plotting nice trees in the interactive client<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p>Please note that this is a library, and was not intended to be used as a command line program.<br>Whit this noted, the projects packs a fully functional LDAP interactive client. When installing the&nbsp;<code><strong>msldap<\/strong><\/code>&nbsp;module with&nbsp;<code><strong>setup.py install<\/strong><\/code>&nbsp;a new binary will appear called&nbsp;<code><strong>msldap<\/strong><\/code>&nbsp;(shocking naming conventions)<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>LDAP Connection URL<\/strong><\/p>\n\n\n\n<p>he major change was needed in version 0.2.0 to unify different connection options as one single string, without the need for additional command line switches.<br>The new connection string is composed in the following manner:<br><code><strong>&lt;protocol&gt;+&lt;auth_method&gt;:\/\/&lt;domain&gt;\\&lt;username&gt;:&lt;password&gt;@&lt;ip&gt;:&lt;port&gt;\/?&lt;param&gt;=&lt;value&gt;&amp;&lt;param&gt;=&lt;value&gt;&amp;...<\/strong><\/code><br>Detailed explanation with examples:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>+:\/\/:@:\/\/?=<br>sets the ldap protocol following values supported:<br>&#8211; ldap<br>&#8211; ldaps<br>can be omitted if plaintext authentication is to be performed (in that case it default to ntlm-password), otherwise:<br>&#8211; ntlm-password<br>&#8211; ntlm-nt<br>&#8211; kerberos-password (dc option param must be used)<br>&#8211; kerberos-rc4 \/ kerberos-nt (dc option param must be used)<br>&#8211; kerberos-aes (dc option param must be used)<br>&#8211; kerberos-keytab (dc option param must be used)<br>&#8211; kerberos-ccache (dc option param must be used)<br>&#8211; sspi-ntlm (windows only!)<br>&#8211; sspi-kerberos (windows only!)<br>&#8211; anonymous<br>&#8211; plain<br>&#8211; simple<br>&#8211; sicily (same format as ntlm-nt but using the SICILY authentication)<br>:<br>OPTIONAL. Specifies the root tree of all queries<br>can be:<br>&#8211; timeout : connction timeout in seconds<br>&#8211; proxytype: currently only socks5 proxy is supported<br>&#8211; proxyhost: Ip or hostname of the proxy server<br>&#8211; proxyport: port of the proxy server<br>&#8211; proxytimeout: timeout ins ecodns for the proxy connection<br>&#8211; dc: the IP address of the domain controller, MUST be used for kerberos authentication<br>Examples:<br>ldap:\/\/10.10.10.2 (anonymous bind)<br>ldaps:\/\/test.corp (anonymous bind)<br>ldap+sspi-ntlm:\/\/test.corp<br>ldap+sspi-kerberos:\/\/test.corp<br>ldap:\/\/TEST\\victim:@10.10.10.2 (defaults to SASL GSSAPI NTLM)<br>ldap+simple:\/\/TEST\\victim:@10.10.10.2 (SASL SIMPLE auth)<br>ldap+plain:\/\/TEST\\victim:@10.10.10.2 (SASL SIMPLE auth)<br>ldap+ntlm-password:\/\/TEST\\victim:@10.10.10.2<br>ldap+ntlm-nt:\/\/TEST\\victim:@10.10.10.2<br>ldap+kerberos-password:\/\/TEST\\victim:@10.10.10.2<br>ldap+kerberos-rc4:\/\/TEST\\victim:@10.10.10.2<br>ldap+kerberos-aes:\/\/TEST\\victim:@10.10.10.2<br>ldap:\/\/TEST\\victim:password@10.10.10.2\/DC=test,DC=corp\/<br>ldap:\/\/TEST\\victim:password@10.10.10.2\/DC=test,DC=corp\/?timeout=99&amp;proxytype=socks5&amp;proxyhost=127.0.0.1&amp;proxyport=1080&amp;proxytimeout=44<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/skelsec\/msldap\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL (see below) Supports integrated windows authentication (SSPI) both with NTLM and with KERBEROS Supports channel binding (for ntlm and kerberos not SSPI) Supports encryption [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","fifu_image_alt":"Msldap : LDAP Library For Auditing MS AD","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1863,2128,2133],"class_list":["post-13169","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-ldap","tag-ms-ad","tag-msldap"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Msldap : LightWeight Directory Acess Protocol Library<\/title>\n<meta name=\"description\" content=\"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/msldap\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Msldap : LightWeight Directory Acess Protocol Library\" \/>\n<meta property=\"og:description\" content=\"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/msldap\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-04T05:43:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Msldap : LDAP Library For Auditing MS AD\",\"datePublished\":\"2021-06-04T05:43:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/\"},\"wordCount\":487,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\",\"keywords\":[\"LDAP\",\"MS AD\",\"Msldap\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/msldap\/\",\"name\":\"Msldap : LightWeight Directory Acess Protocol Library\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\",\"datePublished\":\"2021-06-04T05:43:43+00:00\",\"description\":\"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/msldap\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Msldap : LightWeight Directory Acess Protocol Library","description":"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/msldap\/","og_locale":"en_US","og_type":"article","og_title":"Msldap : LightWeight Directory Acess Protocol Library","og_description":"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client","og_url":"https:\/\/kalilinuxtutorials.com\/msldap\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-06-04T05:43:43+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/msldap\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/msldap\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Msldap : LDAP Library For Auditing MS AD","datePublished":"2021-06-04T05:43:43+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/msldap\/"},"wordCount":487,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","keywords":["LDAP","MS AD","Msldap"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/msldap\/","url":"https:\/\/kalilinuxtutorials.com\/msldap\/","name":"Msldap : LightWeight Directory Acess Protocol Library","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","datePublished":"2021-06-04T05:43:43+00:00","description":"Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD. Comes with a built-in console LDAP client","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/msldap\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/msldap\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","contentUrl":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-RTD3Dhxmd-U\/YLTi41G5IDI\/AAAAAAAAJQo\/GQTn68DWgD0YSVY0xBjcN2KHDf5XfPZtgCLcBGAsYHQ\/s640\/msldap_2.gif","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":21402,"url":"https:\/\/kalilinuxtutorials.com\/kerberoast\/","url_meta":{"origin":13169,"position":0},"title":"Kerberoast : Kerberoast Attack -Pure Python-","author":"R K","date":"January 28, 2022","format":false,"excerpt":"Kerberoast attack toolkit -pure python Install pip3 install kerberoast Prerequirements Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following<ldap_connection_url>\u00a0:\u00a0<protocol>+<auth-type>:\/\/<domain>\\<user>:<password>@<ip_or_hostname>\/?<param1>=<value1><kerberos_connection_url>:\u00a0<protocol>+<auth-type>:\/\/<domain>\\<user>:<password>@<ip_or_hostname>\/?<param1>=<value1> Steps -with SSPI-:\u00a0kerberoast auto <DC_ip> Steps -SSPI not used-: Look for vulnerable users via LDAPkerberoast ldap all <ldap_connection_url> -o ldapenumUse\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgUe2CUSMsU480pQCpY3QX7XF9W7qxvTFlf0du0fCj76gxXB9Ewb7AkzNKXQuPx1sg1a87Mhe3CT9G4igujaIRN7q99LExwXlNawQTFag1CL3HC6BQ2sZlzw0-losEpdGOTcwmK94cdFZSOR9kPifsSv2gQPXP_mww_J8uURgb73GPJ7rHYWNCKJDef=s760","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgUe2CUSMsU480pQCpY3QX7XF9W7qxvTFlf0du0fCj76gxXB9Ewb7AkzNKXQuPx1sg1a87Mhe3CT9G4igujaIRN7q99LExwXlNawQTFag1CL3HC6BQ2sZlzw0-losEpdGOTcwmK94cdFZSOR9kPifsSv2gQPXP_mww_J8uURgb73GPJ7rHYWNCKJDef=s760 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgUe2CUSMsU480pQCpY3QX7XF9W7qxvTFlf0du0fCj76gxXB9Ewb7AkzNKXQuPx1sg1a87Mhe3CT9G4igujaIRN7q99LExwXlNawQTFag1CL3HC6BQ2sZlzw0-losEpdGOTcwmK94cdFZSOR9kPifsSv2gQPXP_mww_J8uURgb73GPJ7rHYWNCKJDef=s760 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgUe2CUSMsU480pQCpY3QX7XF9W7qxvTFlf0du0fCj76gxXB9Ewb7AkzNKXQuPx1sg1a87Mhe3CT9G4igujaIRN7q99LExwXlNawQTFag1CL3HC6BQ2sZlzw0-losEpdGOTcwmK94cdFZSOR9kPifsSv2gQPXP_mww_J8uURgb73GPJ7rHYWNCKJDef=s760 2x"},"classes":[]},{"id":10162,"url":"https:\/\/kalilinuxtutorials.com\/jackdaw\/","url_meta":{"origin":13169,"position":1},"title":"Jackdaw : Gather Gather Gather","author":"R K","date":"April 8, 2020","format":false,"excerpt":"Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36223,"url":"https:\/\/kalilinuxtutorials.com\/hackthebox-ad-machines\/","url_meta":{"origin":13169,"position":2},"title":"HackTheBox AD Machines : Tools And Strategies For Mastering AD Penetration Testing","author":"Varshini","date":"February 7, 2025","format":false,"excerpt":"HackTheBox (HTB) offers a range of Active Directory (AD) machines designed to help cybersecurity enthusiasts and professionals practice enumeration, exploitation, and attack techniques on AD environments. These machines vary in difficulty, providing challenges for both beginners and advanced users. Below is an overview of tools commonly used for tackling AD\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":22802,"url":"https:\/\/kalilinuxtutorials.com\/bloodyad\/","url_meta":{"origin":13169,"position":3},"title":"BloodyAD : An Active Directory Privilege Escalation Framework","author":"R K","date":"March 13, 2022","format":false,"excerpt":"BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using\u00a0bloodyAD.py\u00a0or automatically by combining\u00a0pathgen.py\u00a0and\u00a0autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP\/LDAPS\/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently with\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiJfycVzNwuwf9WYAKW1by0FSHWo8_xmqCxm5ZLX8UAYamgiQB_isBFpBpc-L9HIzEf-qY_RDqBH7cvkPs1GpaG0CPKcgGdnjVwCBIs9u9QaBxmKd1S0ZI0haQTZpLl7LR1b0IwHygq95hjuzq67OB0wY0rg4mVt8SZeRtwXKme7TF89TF6uEwz_suz=s765","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiJfycVzNwuwf9WYAKW1by0FSHWo8_xmqCxm5ZLX8UAYamgiQB_isBFpBpc-L9HIzEf-qY_RDqBH7cvkPs1GpaG0CPKcgGdnjVwCBIs9u9QaBxmKd1S0ZI0haQTZpLl7LR1b0IwHygq95hjuzq67OB0wY0rg4mVt8SZeRtwXKme7TF89TF6uEwz_suz=s765 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiJfycVzNwuwf9WYAKW1by0FSHWo8_xmqCxm5ZLX8UAYamgiQB_isBFpBpc-L9HIzEf-qY_RDqBH7cvkPs1GpaG0CPKcgGdnjVwCBIs9u9QaBxmKd1S0ZI0haQTZpLl7LR1b0IwHygq95hjuzq67OB0wY0rg4mVt8SZeRtwXKme7TF89TF6uEwz_suz=s765 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiJfycVzNwuwf9WYAKW1by0FSHWo8_xmqCxm5ZLX8UAYamgiQB_isBFpBpc-L9HIzEf-qY_RDqBH7cvkPs1GpaG0CPKcgGdnjVwCBIs9u9QaBxmKd1S0ZI0haQTZpLl7LR1b0IwHygq95hjuzq67OB0wY0rg4mVt8SZeRtwXKme7TF89TF6uEwz_suz=s765 2x"},"classes":[]},{"id":28351,"url":"https:\/\/kalilinuxtutorials.com\/latma-lateral-movement-analyzer-tool\/","url_meta":{"origin":13169,"position":4},"title":"Latma : Lateral movement analyzer tool","author":"R K","date":"February 20, 2023","format":false,"excerpt":"Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral movement patterns. This tool contains two modules, one that collects the logs and one that analyzes them. You can execute\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgsc25IYUifQkA7jJvON0HHqi7qjpcYAjpqvE60e8Z3L7cxD9gcNc0Ow3AR-CWKyaXcD8kE7xL0Ifk7VtQV19O8tgYbJA-F7Uu3LSbB-hC6z0Cjl3xaE9aWIqvl7Sfwk6pzwKi47j-nwh_FRMjsDA0U9eWZV1QBcyCtQvXioAFZON-xMCE-v7jLi-4S\/s728\/LATMA.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgsc25IYUifQkA7jJvON0HHqi7qjpcYAjpqvE60e8Z3L7cxD9gcNc0Ow3AR-CWKyaXcD8kE7xL0Ifk7VtQV19O8tgYbJA-F7Uu3LSbB-hC6z0Cjl3xaE9aWIqvl7Sfwk6pzwKi47j-nwh_FRMjsDA0U9eWZV1QBcyCtQvXioAFZON-xMCE-v7jLi-4S\/s728\/LATMA.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgsc25IYUifQkA7jJvON0HHqi7qjpcYAjpqvE60e8Z3L7cxD9gcNc0Ow3AR-CWKyaXcD8kE7xL0Ifk7VtQV19O8tgYbJA-F7Uu3LSbB-hC6z0Cjl3xaE9aWIqvl7Sfwk6pzwKi47j-nwh_FRMjsDA0U9eWZV1QBcyCtQvXioAFZON-xMCE-v7jLi-4S\/s728\/LATMA.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgsc25IYUifQkA7jJvON0HHqi7qjpcYAjpqvE60e8Z3L7cxD9gcNc0Ow3AR-CWKyaXcD8kE7xL0Ifk7VtQV19O8tgYbJA-F7Uu3LSbB-hC6z0Cjl3xaE9aWIqvl7Sfwk6pzwKi47j-nwh_FRMjsDA0U9eWZV1QBcyCtQvXioAFZON-xMCE-v7jLi-4S\/s728\/LATMA.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":28098,"url":"https:\/\/kalilinuxtutorials.com\/autobloody\/","url_meta":{"origin":13169,"position":5},"title":"Autobloody : Tool To Automatically Exploit Active Directory Privilege Escalation Paths Shown By BloodHound","author":"R K","date":"January 3, 2023","format":false,"excerpt":"Autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound. Description This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database. The automation is\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7cWl56r2h8DBy_HcxWxzaTu1aElg-Vs3aDsV4nRODxfyId17snJbflkl55-vGRyJ9obbT4WHIdglszrNUHgBtSfYSYEgrqezqJ_oIxYIdLMXa6tv4jrsM7eOGWSxTeqrrQo9cY9dnsT7R-9wi-fmL1NM76elorCuYfYS06etmWth81r4AgK7rkPBq\/s728\/autobloody%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7cWl56r2h8DBy_HcxWxzaTu1aElg-Vs3aDsV4nRODxfyId17snJbflkl55-vGRyJ9obbT4WHIdglszrNUHgBtSfYSYEgrqezqJ_oIxYIdLMXa6tv4jrsM7eOGWSxTeqrrQo9cY9dnsT7R-9wi-fmL1NM76elorCuYfYS06etmWth81r4AgK7rkPBq\/s728\/autobloody%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7cWl56r2h8DBy_HcxWxzaTu1aElg-Vs3aDsV4nRODxfyId17snJbflkl55-vGRyJ9obbT4WHIdglszrNUHgBtSfYSYEgrqezqJ_oIxYIdLMXa6tv4jrsM7eOGWSxTeqrrQo9cY9dnsT7R-9wi-fmL1NM76elorCuYfYS06etmWth81r4AgK7rkPBq\/s728\/autobloody%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7cWl56r2h8DBy_HcxWxzaTu1aElg-Vs3aDsV4nRODxfyId17snJbflkl55-vGRyJ9obbT4WHIdglszrNUHgBtSfYSYEgrqezqJ_oIxYIdLMXa6tv4jrsM7eOGWSxTeqrrQo9cY9dnsT7R-9wi-fmL1NM76elorCuYfYS06etmWth81r4AgK7rkPBq\/s728\/autobloody%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=13169"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13169\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16847"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=13169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=13169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=13169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}