ldapdomaindump
Active Directory information dumper via LDAP that collects and parses domain data into human-readable HTML, JSON, CSV/TSV, and greppable formats. Provides utilities to convert output to BloodHound CSV and pretty enum4linux-style reports.
Description
ldapdomaindump is a Python 3 tool designed to extract valuable Active Directory information via LDAP queries. In Active Directory domains, authenticated users (or machines) can retrieve significant amounts of data through LDAP, making it essential for reconnaissance during internal network pentests. The tool addresses the challenge of LDAP data's complex format by parsing and presenting it in accessible HTML reports, machine-readable JSON/CSV/TSV files, and greppable output.
The package provides three main utilities: the primary ldapdomaindump for data extraction, ldd2bloodhound for converting JSON output to BloodHound-compatible CSV format, and ldd2pretty for generating enum4linux-style pretty output. This makes it valuable for both human analysis and integration with other pentesting tools like BloodHound.
Use cases include domain enumeration during internal pentests, mapping Active Directory structures, identifying users/computers/groups, and extracting OS/membership information for further attack planning.
How It Works
The tool connects to an Active Directory domain controller via LDAP (or LDAPS for SSL) using provided credentials or anonymous authentication. It queries LDAP for domain objects including users, computers, groups, trusts, and policy information, then parses the raw LDAP responses. Output is generated in multiple formats: HTML for human-readable visualization, JSON/CSV/TSV for machine processing, and greppable text files. Optional resolution of computer hostnames via DNS and minimal attribute queries help manage performance on large networks.
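The JSON output lends itself to defensive review as well. The following is an added example, not part of ldapdomaindump or of this page's original text: it reads a domain_users.json style dump and lists enabled accounts whose userAccountControl flags merit review. The entry layout (a "dn" plus an "attributes" map, usually with list-valued attributes) and the sample records are assumptions constructed for illustration.

```python
import json

# userAccountControl bit values as documented by Microsoft.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x10000: "DONT_EXPIRE_PASSWORD"}
REVIEW = {"PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD"}

# Constructed sample data. The {"dn": ..., "attributes": {...}} layout is an
# assumption about the dump format, not taken from the page.
SAMPLE_DUMP = json.dumps([
    {"dn": "CN=alice,DC=example,DC=test",
     "attributes": {"sAMAccountName": ["alice"], "userAccountControl": [512]}},
    {"dn": "CN=svc_backup,DC=example,DC=test",
     "attributes": {"sAMAccountName": ["svc_backup"], "userAccountControl": [66048]}},
    {"dn": "CN=old_kiosk,DC=example,DC=test",
     "attributes": {"sAMAccountName": ["old_kiosk"], "userAccountControl": [546]}},
    {"dn": "CN=temp_user,DC=example,DC=test",
     "attributes": {"sAMAccountName": ["temp_user"], "userAccountControl": [544]}},
    {"dn": "CN=legacy,DC=example,DC=test",
     "attributes": {"sAMAccountName": "legacy", "userAccountControl": "66080"}},
    {"dn": "CN=broken,DC=example,DC=test",
     "attributes": {"sAMAccountName": ["broken"]}},
])

def first(attrs, name):
    """Return the first value of an attribute stored as a list or a scalar."""
    value = attrs.get(name)
    if isinstance(value, list):
        return value[0] if value else None
    return value

def decode_uac(value):
    """Translate a userAccountControl integer into the set of known flag names."""
    return {name for bit, name in UAC_FLAGS.items() if int(value) & bit}

def audit_users(dump_text):
    """Map sAMAccountName -> sorted flags to review, for enabled accounts only."""
    findings = {}
    for entry in json.loads(dump_text):
        attrs = entry.get("attributes", {})
        name, uac = first(attrs, "sAMAccountName"), first(attrs, "userAccountControl")
        if name is None or uac is None:
            continue  # incomplete entry: skip rather than guess
        flags = decode_uac(uac)
        if "ACCOUNTDISABLE" not in flags and flags & REVIEW:
            findings[name] = sorted(flags & REVIEW)
    return findings

if __name__ == "__main__":
    for account, flags in audit_users(SAMPLE_DUMP).items():
        print(f"{account}: {', '.join(flags)}")
```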
Installation
sudo apt install python3-ldapdomaindump
Flags
Examples
ldapdomaindump -h
ldapdomaindump HOSTNAME
ldapdomaindump -u 'DOMAIN\user' -p password dc01.domain.local
ldapdomaindump -at SIMPLE -o /tmp/dump ldaps://dc01:636
ldapdomaindump -r -n 10.0.0.10 dc01.domain.local
ldapdomaindump --no-html --minimal dc01.domain.local
ldd2bloodhound domain_users.json domain_groups.json
ldd2pretty -d /path/to/ldapdump