LDeep
LDeep is an in-depth LDAP enumeration utility that runs against Active Directory LDAP servers or locally on saved files. It supports detailed data retrieval using various backend engines.
Description
LDeep serves as a specialized tool for comprehensive LDAP enumeration, targeting Active Directory environments. It enables security professionals to extract detailed directory information either directly from live LDAP servers or from previously saved cache files. This makes it valuable for reconnaissance and auditing tasks in Windows domain assessments.
Use cases include mapping Active Directory structures, identifying user accounts, groups, and permissions during penetration testing. The tool's ability to process protections and cache data enhances its utility for offline analysis, reducing the need for repeated network queries.
With a modest installed size of 251 KB, LDeep depends on several Python libraries and Kerberos components, ensuring robust handling of authentication and encryption protocols common in enterprise LDAP setups.
How It Works
LDeep operates by connecting to LDAP servers using the ldap3 library and related dependencies like python3-gssapi for Kerberos authentication. It supports three backend modes: 'ldap' for live server queries, 'cache' for processing saved files, and 'protections' for specific security data retrieval. Optional security descriptor fetching provides detailed access control information via the --security_desc flag.
Installation
sudo apt install ldeep
Flags
Examples
ldeep -h
ldeep ldap -o results.txt
ldeep cache --security_desc
ldeep protections
ldeep ldap --outfile /tmp/output.json
ldeep cache -o analysis.json --security_desc