
Tool for issuing manual LDAP queries which offers bofhound compatible output

Project description

pyldapsearch

This is designed to be a Python "port" of the ldapsearch BOF by TrustedSec, which is a part of this repo.

pyldapsearch allows you to execute LDAP queries from Linux in a fashion similar to that of the aforementioned BOF. Its output format closely mimics that of the BOF, and all query output is automatically logged to the user's home directory in .pyldapsearch/logs, which can be ingested by bofhound.

Why would I ever use this?

Great question. pyldapsearch was built for a scenario where the operator is utilizing Linux and is attempting to issue LDAP queries while flying under the radar (BloodHound will be too loud, expensive LDAP queries are alerted on, etc). When pyldapsearch is combined with bofhound, you can still obtain BloodHound compatible data that allows for AD visualization and identification of ACL-based attack paths, which are otherwise difficult to identify through manually querying LDAP.

Outside of usage during detection-conscious and bofhound-related situations, pyldapsearch can be useful for issuing targeted, one-off LDAP queries during generic engagements.

Installation

Use uv

# Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install pyldapsearch
git clone https://github.com/Tw1sm/pyldapsearch
cd pyldapsearch
uv sync
uv run pyldapsearch --help

Examples

Query all the data - if you intend to do this, just run BloodHound :)

pyldapsearch ez.lab/administrator:pass '(objectClass=*)'

Query only the name, memberOf and ObjectSID of the user matt

pyldapsearch ez.lab/administrator:pass '(sAMAccountName=matt)' -attributes name,memberof,objectsid

Query all attributes for all user objects, but only return 3 results

pyldapsearch ez.lab/administrator:pass '(objectClass=user)' -limit 3

Query all attributes of the user matt, specifying the IP of the DC to query

pyldapsearch ez.lab/administrator:pass '(&(objectClass=user)(name=matt))' -dc-ip 10.4.2.20

Query all objects, specifying the search base to use

pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -base-dn 'CN=Users,DC=EZ,DC=LAB'

Execute a query without displaying query results to the console (results will still be logged)

pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -silent

Perform a query using an anonymous bind

pyldapsearch 'ez.lab'/'':'' '(objectClass=*)'

Perform a query across a domain trust

pyldapsearch ez.lab/administrator:pass '(objectClass=*)' -base-dn 'DC=otherdomain,DC=local' -dc-ip 10.1.4.20
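
Seen from the directory side, the filters in the examples above differ mainly in how many objects they force the DC to visit. The following added example (not part of pyldapsearch or bofhound) parses a subset of RFC 4515 filter syntax and counts non-selective searches per client; the records, client IPs and the selectivity rule are constructed assumptions, not a vendor detection.

```python
import re
from collections import Counter

# Constructed records (not real logs): client IP, search base, filter.
SAMPLE_SEARCHES = [
    ("10.9.9.77", "DC=EZ,DC=LAB", "(objectClass=*)"),
    ("10.9.9.77", "DC=EZ,DC=LAB", "(objectClass=user)"),
    ("10.9.9.77", "CN=Users,DC=EZ,DC=LAB", "(objectClass=*)"),
    ("10.9.9.31", "DC=EZ,DC=LAB", "(sAMAccountName=matt)"),
    ("10.9.9.31", "DC=EZ,DC=LAB", "(&(objectClass=user)(name=matt))"),
]
CLASS_ATTRS = {"objectclass", "objectcategory"}  # match whole object types
ITEM = re.compile(r"\(([^=()<>~]+)(=|>=|<=|~=)([^()]*)\)")

def _parse(s):
    """Return (node, remaining_text) for the filter at the start of s."""
    if s[:2] in ("(&", "(|", "(!"):
        op, rest, children = s[1], s[2:], []
        while rest.startswith("("):
            child, rest = _parse(rest)
            children.append(child)
        if not children or not rest.startswith(")"):
            raise ValueError("malformed %s group" % op)
        return (op, children), rest[1:]
    m = ITEM.match(s)
    if not m:
        raise ValueError("malformed filter item: %r" % s)
    return ("item", m.group(1).strip().lower(), m.group(3)), s[m.end():]

def parse_filter(text):
    """Parse a subset of RFC 4515 filter syntax into nested tuples."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing data after filter: %r" % rest)
    return node

def is_selective(node):
    """True when the filter narrows the search to specific objects."""
    if node[0] == "item":
        return node[1] not in CLASS_ATTRS and node[2] != "*"
    if node[0] == "&":  # one selective term narrows the whole AND
        return any(is_selective(c) for c in node[1])
    if node[0] == "|":  # an OR is only as narrow as its widest term
        return all(is_selective(c) for c in node[1])
    return False  # "!" matches almost everything

def broad_by_client(records):
    """Count non-selective searches per client IP."""
    return dict(Counter(c for c, _, f in records
                        if not is_selective(parse_filter(f))))
```

On the constructed records, only the client issuing the `(objectClass=*)` and `(objectClass=user)` searches is counted; the two searches that name a specific account are treated as selective.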


Download files


Source Distribution

pyldapsearch-0.2.0.tar.gz (280.6 kB)

Uploaded Source

Built Distribution


pyldapsearch-0.2.0-py3-none-any.whl (8.9 kB)

Uploaded Python 3

File details

Details for the file pyldapsearch-0.2.0.tar.gz.

File metadata

  • Download URL: pyldapsearch-0.2.0.tar.gz
  • Upload date:
  • Size: 280.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.9

File hashes

Hashes for pyldapsearch-0.2.0.tar.gz
Algorithm Hash digest
SHA256 43bb535820040caee9ff5a014901436e54f5f74fab454cadb73a64835349d76e
MD5 968ec8cde41c38cf56b465adc3617a36
BLAKE2b-256 5afa97c853ab80bc915dcb896fbef48e6869e68199e752838339ca24f1dd83a3


File details

Details for the file pyldapsearch-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: pyldapsearch-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.9

File hashes

Hashes for pyldapsearch-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bba6a04d5a34e30a47f87801bc6c1367e5e5e496e2bbefc84a9b5bb68ea993b2
MD5 494c5fc5280bbc2f3b22f0d5a3729d92
BLAKE2b-256 3127a84e318d9abb7da8632b0deab16bff7e7aa81f43dab753e065bcfab26243
