Tool for issuing manual LDAP queries which offers bofhound-compatible output
Project description
pyldapsearch
This is designed to be a Python "port" of the ldapsearch BOF by TrustedSec, which is a part of this repo.
pyldapsearch allows you to execute LDAP queries from Linux in a fashion similar to that of the aforementioned BOF. Its output format closely mimics that of the BOF, and all query output is automatically logged to the user's home directory in .pyldapsearch/logs, which can be ingested by bofhound.
Why would I ever use this?
Great question. pyldapsearch was built for a scenario where the operator is utilizing Linux and is attempting to issue LDAP queries while flying under the radar (BloodHound will be too loud, expensive LDAP queries are alerted on, etc). When pyldapsearch is combined with bofhound, you can still obtain BloodHound-compatible data that allows for AD visualization and identification of ACL-based attack paths, which are otherwise difficult to identify through manually querying LDAP.
Outside of usage during detection-conscious and bofhound-related situations, pyldapsearch can be useful for issuing targeted, one-off LDAP queries during generic engagements.
Installation
Use pip3 or pipx
pip3 install pyldapsearch
Usage
Examples
Query all the data - if you intend to do this, just run BloodHound :)
pyldapsearch ez.lab/administrator:pass '(objectClass=*)'
Query only the name, memberOf and ObjectSID of the user matt
pyldapsearch ez.lab/administrator:pass '(sAMAccountName=matt)' -attributes name,memberof,objectsid
Query all attributes for all user objects, but only return 3 results
pyldapsearch ez.lab/administrator:pass '(objectClass=user)' -limit 3
Query all attributes of the user matt, specifying the IP of the DC to query
pyldapsearch ez.lab/administrator:pass '(&(objectClass=user)(name=matt))' -dc-ip 10.4.2.20
Query all objects, specifying the search base to use
pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -base-dn 'CN=Users,DC=EZ,DC=LAB'
Execute a query without displaying query results to the console (results will still be logged)
pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -silent
Perform a query using an anonymous bind
pyldapsearch 'ez.lab'/'':'' '(objectClass=*)'
Perform a query across a domain trust
pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -base-dn 'DC=otherdomain,DC=local' -dc-ip 10.1.4.20
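The filters above range from a single-account lookup to `(objectClass=*)`, and the page notes that expensive LDAP queries are alerted on. As an added example from the monitoring side (not part of pyldapsearch or bofhound), this sketch parses a logged filter and flags broad, unbounded searches; the record fields `filter` and `limit`, the convention that `limit` 0 means no size limit, the `max_limit` threshold and the selectivity heuristic are all assumptions.

```python
import re

# Assumption: equality on these attributes matches a whole object class, not one object.
CLASS_ATTRS = {"objectclass", "objectcategory"}

def parse(f, i=0):
    """Parse a subset of RFC 4515 filter syntax; returns (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # literal parentheses inside values are escaped as \28 and \29
    m = re.fullmatch(r"([\w.;:-]+?)(~=|>=|<=|=)(.*)", f[i:end])
    if not m:
        raise ValueError(f"malformed item at offset {i}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def selective(node):
    """Heuristic: True if the filter pins an exact value on a non-class attribute."""
    if node[0] == "item":
        _, attr, op, val = node
        return op == "=" and ":" not in attr and "*" not in val and attr not in CLASS_ATTRS
    op, kids = node
    if op == "!":
        return False  # a negation matches almost everything
    return (any if op == "&" else all)(selective(k) for k in kids)  # AND narrows, OR widens

def is_broad(filter_text):
    try:
        node, _ = parse(filter_text)
    except IndexError:
        raise ValueError("truncated filter") from None
    return not selective(node)

def flag(events, max_limit=100):
    """Return events with a broad filter and either no size limit (0) or a large one."""
    return [e for e in events if is_broad(e["filter"]) and not 0 < e["limit"] <= max_limit]

# Constructed sample records; the filters are the ones from the Usage examples.
EVENTS = [{"filter": f, "limit": n} for f, n in [
    ("(objectClass=*)", 0), ("(sAMAccountName=matt)", 0),
    ("(objectClass=user)", 3), ("(&(objectClass=user)(name=matt))", 0)]]
```

Calling `flag(EVENTS)` returns only the unbounded `(objectClass=*)` record; the class-wide `(objectClass=user)` search is broad but stays under the threshold because of its size limit of 3.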
Development
pyldapsearch uses Poetry to manage dependencies. Install from source and set up for development with:
git clone https://github.com/fortalice/pyldapsearch
cd pyldapsearch
poetry install
poetry run pyldapsearch
References
- ldapsearch (CS-Situational-Awareness-BOF)
- ldapconsole
File details
Details for the file pyldapsearch-0.1.9.tar.gz.
File metadata
- Download URL: pyldapsearch-0.1.9.tar.gz
- Upload date:
- Size: 10.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.13.1 Darwin/25.1.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 1aec09edff15fe1fcedc242c1b23cbf25a24d1651544e39e7b6db21eabb3fc8f |
| MD5 | fcbc182246a8da08641e58d20f010982 |
| BLAKE2b-256 | 5840fb0455df1dfd4927944acc8fcd392d2f3586a95e72b30ee8a5977d48e34e |
File details
Details for the file pyldapsearch-0.1.9-py3-none-any.whl.
File metadata
- Download URL: pyldapsearch-0.1.9-py3-none-any.whl
- Upload date:
- Size: 10.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.13.1 Darwin/25.1.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fcc0b483153cea1468c029f0842c20d5afc8dd8e1032ccdb657568443a61c01b |
| MD5 | 8d2c6bc7a8ac1b7eb89dac7536ab34c2 |
| BLAKE2b-256 | 0583ea6591e6289c1b7932a15a4bd0caf55468a9c11c902d1257f29540dc9ae5 |