- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
Background
A while back I was challenged to write a discovery tool with Python3 that could automate the process of finding sensitive information on network file shares. After writing the entire tool with pysmb, and adding features such as the ability to open and scan docx an xlsx files, I slowly started adding functionality from the awesome Impacket library; just simple features I wanted to see in an internal penetration testing tool. The more I added, the more it looked like a Python3 rewrite of CrackMapExec created from scratch.
If you are doing a direct comparison, CME is an amazing tool that has way more features than currently implement here. However, I added a few modifications that may come in handy during an assessment.
For more documentation checkout the project wiki
Operational Modes
- db - Query or insert values in to the ActiveReign database
- enum - System enumeration & module execution
- shell - Spawn an emulated shell on a target system
- spray - Domain password spraying and brute force
- query - Perform LDAP queries on the domain
- Automatically extract domain information via LDAP and incorporate into network enumeration.
- Perform Domain password spraying using LDAP to remove users close to lockout thresholds.
- Local and remote command execution, for use on multiple starting points throughout the network.
- Emulated interactive shell on target system
- Data discovery capable of scanning xlsx and docx files.
- Various modules to add and extend capabilities.