patch-4
pussycat0x 2024-07-04 00:00:46 +05:30
parent da709ca266
commit 6c77faf0a5
3 changed files with 120 additions and 0 deletions


@ -0,0 +1,42 @@
id: ldap-get-ad-grp
info:
name: LDAP Get Active Directory Group - Enumeration
author: pussycat0x
severity: info
description: |
Attempts to list the supported capabilities in a SMBv2 server for each enabled dialect.
reference:
- https://docs.projectdiscovery.io/templates/protocols/javascript/modules/ldap.Client#getadgroups
metadata:
max-request: 1
shodan-query: ldap
tags: js,network,ldap,enum
javascript:
- code: |
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Upgrade = true;
const client = new ldap.Client(Host, Port, cfg);
const groups = client.GetADGroups();
const bytes = require('nuclei/bytes');
const buffer = new bytes.Buffer();
for (const group of groups) {
buffer.WriteString("DistinguishedName: '" + group.DistinguishedName+ "' ,");
buffer.WriteString("SAMAccountName: '" + group.SAMAccountName+ "' ,");
buffer.WriteString("PWDLastSet: '" + group.PWDLastSet+ "' ,");
buffer.WriteString("LastLogon: '" + group.LastLogon+ "' ,");
buffer.WriteString("MemberOf: '" + group.MemberOf+ "' ,");
buffer.WriteString("ServicePrincipalName: '" + group.ServicePrincipalName+ "' ,");
}
Export(buffer.String());
args:
Host: "ldap://{{Host}}"
Port: 389
extractors:
- type: dsl
dsl:
- response
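Review bot: The `description` describes listing SMBv2 server capabilities, which does not match a template whose code calls `client.GetADGroups()`; it appears to be carried over from another template and will mislead anyone triaging a result. Something like `Enumerates Active Directory groups over LDAP and exports selected attributes of each group.` would match the code. No authentication call is visible before the query, so the description should also say that a non-empty result reflects what the directory returns to a session without credentials, since that is the exposure a defender needs to close. The loop also writes every group into one string with no separator between groups; a newline written after the last `WriteString` would keep the extracted output readable.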


@ -0,0 +1,41 @@
id: ldap-get-ad-users
info:
name: LDAP Get Active Directory User - Enumeration
author: pussycat0x
severity: info
description: |
Retrieve users from Active Directory, where each user is represented by an ADObject.
reference:
- https://docs.projectdiscovery.io/templates/protocols/javascript/modules/ldap.ADObject
metadata:
max-request: 1
shodan-query: ldap
tags: js,network,ldap,enum
javascript:
- code: |
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Upgrade = true;
const client = ldap.Client(Host, Port, cfg);
const users = client.GetADUsers();
const bytes = require('nuclei/bytes');
const buffer = new bytes.Buffer();
for (const user of users) {
buffer.WriteString("DistinguishedName: '" + user.DistinguishedName+ "' ,");
buffer.WriteString("SAMAccountName: '" + user.SAMAccountName+ "' ,");
buffer.WriteString("PWDLastSet: '" + user.PWDLastSet+ "' ,");
buffer.WriteString("LastLogon: '" + user.LastLogon+ "' ,");
buffer.WriteString("MemberOf: '" + user.MemberOf+ "' ,");
buffer.WriteString("ServicePrincipalName: '" + user.ServicePrincipalName+ "' ,");
}
Export(buffer.String());
args:
Host: "ldap://{{Host}}"
Port: 389
extractors:
- type: dsl
dsl:
- response
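Review bot: `const client = ldap.Client(Host, Port, cfg);` calls the constructor without `new`, unlike the other two templates in this commit, which use `new ldap.Client(...)`. This is likely to fail at runtime or not yield a usable client, so the line should read `const client = new ldap.Client(Host, Port, cfg);`. Separately, all three templates pass `Port` (389) as the second argument. As far as I recall, the module documentation describes that parameter as the realm/domain, so please confirm the port belongs there rather than in the `ldap://` URL.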


@ -0,0 +1,37 @@
id: ldap-metadata
info:
name: LDAP Metadata - Enumeration
author: pussycat0x
severity: info
description: |
LDAP metadata refers to the data that describes the structure, schema, and attributes of the LDAP directory
reference:
- https://docs.projectdiscovery.io/templates/protocols/javascript/modules/ldap.Metadata
metadata:
max-request: 1
shodan-query: ldap
tags: js,network,ldap
javascript:
- code: |
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Upgrade = true;
const client = new ldap.Client(Host, Port, cfg);
const metadata = client.CollectMetadata();
Export(metadata)
args:
Host: "ldap://{{Host}}"
Port: 389
extractors:
- type: json
json:
- '"BaseDN: " + .BaseDN'
- '"DnsHostName: " + .DnsHostName '
- '"DefaultNamingContext: "+ .DefaultNamingContext'
- '"DomainFunctionality: "+ .DomainFunctionality'
- '"ForestFunctionality: " + .ForestFunctionality'
- '"DomainControllerFunctionality: "+ .DomainControllerFunctionality'
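Review bot: The `description` explains what LDAP metadata is, not what this template does or what a result means. Going by the extractors, something like `Collects LDAP directory metadata (base DN, DNS host name, default naming context and functionality levels) exposed by the server.` would be more useful to someone reading a scan report. The `tags` line is `js,network,ldap` while the two sibling templates also carry `enum`, so tag-based selection will treat this one differently; adding `enum` would keep them consistent. Minor style: `Export(metadata)` lacks the terminating semicolon used in the other templates, and the spacing around `+` in the `json` expressions is inconsistent.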