A recommended operations and maintenance tool: ADRecon, for collecting AD domain environment information

Project Introduction

ADRecon extracts and consolidates various data from the AD environment to generate specially formatted Microsoft Excel reports, including summary views and metrics, to facilitate analysis and a comprehensive understanding of the current status of the target AD environment.

Features

ADRecon supports collecting the following information:

  • Domain Forest Information: Gets detailed information about the domain forest.
  • Domain Information: Collects data about the domain.
  • Trusts: Lists domain trust information.
  • Sites: Gets configuration and settings related to AD sites.
  • Subnet Information: Collects detailed information about network subnets.
  • Schema History: Shows the historical change records of the schema.
  • Default and fine-grained password policies: Gets details on password policies.
  • Domain controllers, SMB version, SMB signing support, and FSMO roles: Collects information about domain controllers.
  • Users and their attributes: Lists all users and their attributes.
  • Service Principal Names (SPNs): Gets a list of service principal names.
  • Groups, Membership, and Changes: Collects information about groups and their membership.
  • Organizational Units (OUs): Gets the details of organizational units.
  • Group Policy Objects (GPOs) and gPLink Details: Collects Group Policy Objects and their link information.
  • DNS Zones and Records: Gets DNS configuration information.
  • Printers: Lists the printer information on the network.
  • Computers and their properties: Collects detailed information about computer objects.
  • PasswordAttributes: Gets password attribute information.
  • LAPS Password: Collects password information for the Local Administrator Password Solution (LAPS).
  • BitLocker recovery key: Gets the recovery key for BitLocker.
  • ACLs (DACLs and SACLs) for domains, OUs, root containers, GPOs, users, computers, and group objects: Collects access control list information.
  • GPOReport: Generates a report on Group Policy objects.
  • Kerberoast and domain accounts used for service accounts: Gets information about service accounts that could be targeted in a Kerberoasting attack.

Supported systems

ADRecon needs to be run on a Windows host. The specific requirements include:

(1) Required:

  • .NET Framework 3.0 and above (Windows 7 already includes 3.0).
  • PowerShell 2.0 and above (Windows 7 includes 2.0).

(2) Optional requirements:

  • Microsoft Excel: Used to view the generated reports.
  • Remote Server Administration Tools (RSAT): Used to communicate with domain controllers.
  • Windows 10 or Windows 7 host.

Project Advantages

  • Comprehensive information collection: ADRecon can extract a variety of key data from the AD environment to help security professionals fully understand the network status.
  • Report Formatting: Generated Excel reports are specially formatted with summary views and metrics for easy analysis and decision making.
  • Ease of use: Can be run from any workstation connected to the environment, even from hosts that are not members of the domain, and can be run in the context of a non-privileged (standard domain user) account.
  • Open source and transparent: As an open source project, ADRecon's source code is publicly available and users can view, modify, and customize it to meet specific needs.

Usage scenarios

  • Security Audit: Helps auditors assess the security status of the AD environment and identify potential security risks.
  • Digital Forensics and Incident Response (DFIR): Assists analysts in collecting evidence after a security incident and in understanding the attack path and scope of impact.
  • Penetration Testing: As a post-exploitation tool for penetration testers, it helps to obtain detailed information about the target AD environment and develop further testing strategies.
  • System management: Assists administrators in understanding the configuration and status of the AD environment and in performing daily maintenance and optimization.

Installation and Usage

(1) Download: Clone the project source code from ADRecon's GitHub repository or download a precompiled version.

 git clone https://github.com/adrecon/ADRecon.git

(2) Run the script: Navigate to the project directory in PowerShell and execute the ADRecon.ps1 script.

 .\ADRecon.ps1

(3) Generate report: Enter the required parameters as prompted and wait for the script to complete. The generated Excel report will be saved in the specified directory.
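For the security audit use case, the collected user data can be triaged with a short script. The following is an added example, not part of ADRecon or the original article. It assumes the user sheet has been exported as CSV. The column names, the function name `Get-UserRiskFinding`, and the sample rows are constructed for illustration and must be adapted to the actual report.

```powershell
# Constructed sample standing in for an exported users sheet.
# Column names are assumptions; rename them to match your report.
$usersCsv = @'
UserName,Enabled,PasswordNeverExpires,HasSPN,AdminCount,PasswordAgeDays
alice,True,False,False,,35
svc-sql,True,True,True,1,1460
bob,False,True,False,,900
svc-web,True,False,True,,20
carol,True,True,False,1,400
'@

# Hypothetical helper: flags enabled accounts that combine two or more
# risk indicators, so remediation can start with the worst cases.
function Get-UserRiskFinding {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Users,
        [int] $MaxPasswordAgeDays = 365
    )
    foreach ($u in $Users) {
        # Disabled accounts cannot authenticate; skip them to cut noise.
        if ($u.Enabled -ne 'True') { continue }

        $reasons = @()
        if ($u.HasSPN -eq 'True') { $reasons += 'SPN on user account (Kerberoasting exposure)' }
        if ($u.PasswordNeverExpires -eq 'True') { $reasons += 'Password never expires' }
        if ([int]$u.PasswordAgeDays -gt $MaxPasswordAgeDays) { $reasons += "Password older than $MaxPasswordAgeDays days" }
        if ($u.AdminCount -eq '1') { $reasons += 'AdminCount=1 (privileged now or in the past)' }

        # A single indicator is common; report only stacked indicators.
        if ($reasons.Count -ge 2) {
            New-Object PSObject -Property @{
                UserName = $u.UserName
                Score    = $reasons.Count
                Reasons  = $reasons -join '; '
            }
        }
    }
}

$users = $usersCsv | ConvertFrom-Csv
Get-UserRiskFinding -Users $users |
    Sort-Object Score -Descending |
    Format-Table UserName, Score, Reasons -AutoSize -Wrap
```

To run it against real data, replace the here-string with `Import-Csv` on the exported file and adjust the property names.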

address

Project address: https://github.com/adrecon/ADRecon