{ "id": "85b2d3d9-61c7-47d7-8ed0-e99c14cc5ca2", "created_at": "2026-04-06T00:19:34.071357Z", "updated_at": "2026-04-10T03:20:29.16439Z", "deleted_at": null, "sha1_hash": "58ed11d5b03d4e038157ff07f81ce69371fed848", "title": "GitHub - adrecon/ADRecon: ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 88404, "plain_text": "GitHub - adrecon/ADRecon: ADRecon is a tool which gathers\r\ninformation about the Active Directory and generates a report\r\nwhich can provide a holistic picture of the current state of the\r\ntarget AD environment.\r\nBy prashant3535\r\nArchived: 2026-04-05 16:32:16 UTC\r\nThis repo contains updates to the original concept and code by Prashant Mahajan (@prashant3535) while working\r\nat Sense of Security.\r\nADRecon is a tool which extracts and combines various artefacts (as highlighted below) out of an AD\r\nenvironment. The information can be presented in a specially formatted Microsoft Excel report that includes\r\nsummary views with metrics to facilitate analysis and provide a holistic picture of the current state of the target\r\nAD environment.\r\nThe tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It\r\ncan also be an invaluable post-exploitation tool for a penetration tester.\r\nIt can be run from any workstation that is connected to the environment, even hosts that are not domain members.\r\nFurthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) account. Fine\r\nGrained Password Policy, LAPS and BitLocker may require Privileged user accounts. The tool will use Microsoft\r\nRemote Server Administration Tools (RSAT) if available, otherwise it will communicate with the Domain\r\nController using LDAP.\r\nThe following information is gathered by the tool:\r\nForest;\r\nDomain;\r\nTrusts;\r\nSites;\r\nSubnets;\r\nSchema History;\r\nDefault and Fine Grained Password Policy (if implemented);\r\nDomain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles;\r\nUsers and their attributes;\r\nService Principal Names (SPNs);\r\nGroups, memberships and changes;\r\nOrganizational Units (OUs);\r\nGroupPolicy objects and gPLink details;\r\nhttps://github.com/adrecon/ADRecon\r\nPage 1 of 5\n\nDNS Zones and Records;\r\nPrinters;\r\nComputers and their attributes;\r\nPasswordAttributes (Experimental);\r\nLAPS passwords (if implemented);\r\nBitLocker Recovery Keys (if implemented);\r\nACLs (DACLs and SACLs) for the Domain, OUs, Root Containers, GPO, Users, Computers and Groups\r\nobjects (not included in the default collection method);\r\nGPOReport (requires RSAT);\r\nKerberoast (not included in the default collection method); and\r\nDomain accounts used for service accounts (requires privileged account and not included in the default\r\ncollection method).\r\nADRecon was presented at: BBllaacckk HHaatt AArrsseennaall AAssiiaa 22001188 - Slidedeck\r\nBBllaacckk HHaatt AArrsseennaall UUSSAA 22001188\r\n | DDEEFFCCOONN 2266 DDeemmoo LLaabbss - Slidedeck\r\nBay Area OWASP - Slidedeck\r\nCHCON - Slidedeck\r\nGetting Started\r\nThese instructions will get you a copy of the tool up and running on your local machine.\r\nPrerequisites\r\n.NET Framework 3.0 or later (Windows 7 includes 3.0)\r\nPowerShell 2.0 or later (Windows 7 includes 2.0)\r\nPowershell Core on Windows is supported (Tested on PowerShell v7.2.2 running on Windows 10)\r\nA Windows host (Powershell for Linux/macOS is not supported)\r\nOptional\r\nMicrosoft Excel (to generate the report)\r\nRemote Server Administration Tools (RSAT):\r\nWindows 10 (October 2018 Update or 1809 and later), RSAT is included as a set of Features on\r\nDemand .\r\nClick on Start --\u003e Settings --\u003e Apps --\u003e Apps \u0026 features --\u003e Manage optional features --\u003e\r\nAdd a feature --\u003e Select the following:\r\nRSAT: Active Directory Domain Services and Lightweight Directory Services Tools\r\nRSAT: Group Policy Management Tools\r\nWindows 10 (https://www.microsoft.com/en-au/download/details.aspx?id=45520)\r\nWindows 7 (https://www.microsoft.com/en-au/download/details.aspx?id=7887)\r\nhttps://github.com/adrecon/ADRecon\r\nPage 2 of 5\n\nInstalling\r\nIf you have git installed, you can start by cloning the repository:\r\ngit clone https://github.com/adrecon/ADRecon.git\r\nOtherwise, you can download a zip archive of the latest release. The intent is to always keep the master branch in\r\na working state.\r\nUsage\r\nExamples\r\nTo run ADRecon on a domain member host.\r\nTo run ADRecon on a domain member host as a different user.\r\nPS C:\\\u003e.\\ADRecon.ps1 -DomainController \u003cIP or FQDN\u003e -Credential \u003cdomain\\username\u003e\r\nTo run ADRecon on a non-member host using LDAP.\r\nPS C:\\\u003e.\\ADRecon.ps1 -Method LDAP -DomainController \u003cIP or FQDN\u003e -Credential \u003cdomain\\username\u003e\r\nTo run ADRecon with specific modules on a non-member host with RSAT. (Default OutputType is STDOUT with\r\n-Collect parameter)\r\nPS C:\\\u003e.\\ADRecon.ps1 -Method ADWS -DomainController \u003cIP or FQDN\u003e -Credential \u003cdomain\\username\u003e -Collect Domain,\r\nTo generate the ADRecon-Report.xlsx based on ADRecon output (CSV Files).\r\nPS C:\\\u003e.\\ADRecon.ps1 -GenExcel C:\\ADRecon-Report-\u003ctimestamp\u003e\r\nWhen you run ADRecon, a ADRecon-Report-\u003ctimestamp\u003e folder will be created which will contain ADRecon-Report.xlsx and CSV-Folder with the raw files.\r\nParameters\r\n-Method \u003cString\u003e\r\n Which method to use; ADWS (default), LDAP\r\n-DomainController \u003cString\u003e\r\n Domain Controller IP Address or Domain FQDN.\r\nhttps://github.com/adrecon/ADRecon\r\nPage 3 of 5\n\n-Credential \u003cPSCredential\u003e\r\n Domain Credentials.\r\n-GenExcel \u003cString\u003e\r\n Path for ADRecon output folder containing the CSV files to generate the ADRecon-Report.xlsx. Use it to gener\r\n-OutputDir \u003cString\u003e\r\n Path for ADRecon output folder to save the CSV/XML/JSON/HTML files and the ADRecon-Report.xlsx. (The folder\r\n-Collect \u003cString\u003e\r\n Which modules to run (Comma separated; e.g Forest,Domain. Default all except ACLs, Kerberoast and DomainAcco\r\n Valid values include: Forest, Domain, Trusts, Sites, Subnets, SchemaHistory, PasswordPolicy, FineGrainedPass\r\n-OutputType \u003cString\u003e\r\n Output Type; Comma seperated; e.g CSV,STDOUT,Excel (Default STDOUT with -Collect parameter, else CSV and Exc\r\n Valid values include: STDOUT, CSV, XML, JSON, HTML, Excel, All (excludes STDOUT).\r\n-DormantTimeSpan \u003cInt\u003e\r\n Timespan for Dormant accounts. (Default 90 days)\r\n-PassMaxAge \u003cInt\u003e\r\n Maximum machine account password age. (Default 30 days)\r\n-PageSize \u003cInt\u003e\r\n The PageSize to set for the LDAP searcher object. (Default 200)\r\n-Threads \u003cInt\u003e\r\n The number of threads to use during processing objects (Default 10)\r\n-OnlyEnabled \u003cBool\u003e\r\n Only collect details for enabled objects.\r\n-Log \u003cSwitch\u003e\r\n Create ADRecon Log using Start-Transcript\r\n-Logo \u003cString\u003e\r\n Which Logo to use in the excel file? (Default ADRecon)\r\n Values include: ADRecon, CyberCX, Payatu.\r\nFuture Plans\r\nReplace System.DirectoryServices.DirectorySearch with System.DirectoryServices.Protocols and add\r\nsupport for LDAP STARTTLS and LDAPS (TCP port 636).\r\nAdd Domain Trust Enumeration.\r\nAdd option to filter default ACLs.\r\nGather ACLs for other objects such as Users, Group, etc.\r\nhttps://github.com/adrecon/ADRecon\r\nPage 4 of 5\n\nAdditional export and storage option: export to STDOUT, SQLite, xml, json, html, pdf.\r\nUse the EPPlus library for Excel Report generation and remove the dependency on MS Excel.\r\nList issues identified and provide recommended remediation advice based on analysis of the data.\r\nAdd PowerShell Core support.\r\nBugs, Issues and Feature Requests\r\nPlease report all bugs, issues and feature requests in the issue tracker. Or let me (@prashant3535) know directly.\r\nContributing\r\nPull request are always welcome.\r\nMad props\r\nThanks for the awesome work by @_wald0, @CptJesus, @harmj0y, @mattifestation, @PyroTek3,\r\n@darkoperator, @ITsecurityAU Team, @CTXIS Team, @CxCyber Team, @payatulabs Team and others.\r\nLicense\r\nADRecon is a tool which gathers information about the Active Directory and generates a report which can provide\r\na holistic picture of the current state of the target AD environment.\r\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General\r\nPublic License as published by the Free Software Foundation, either version 3 of the License, or (at your option)\r\nany later version.\r\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the\r\nimplied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero\r\nGeneral Public License for more details.\r\nYou should have received a copy of the GNU Affero General Public License along with this program. If not, see\r\nhttp://www.gnu.org/licenses/.\r\nThis program borrows and uses code from many sources. All attempts are made to credit the original author. If\r\nyou find that your code is used without proper credit, please shoot an insult to @prashant3535, Thanks.\r\nSource: https://github.com/adrecon/ADRecon\r\nhttps://github.com/adrecon/ADRecon\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://github.com/adrecon/ADRecon" ], "report_names": [ "ADRecon" ], "threat_actors": [], "ts_created_at": 1775434774, "ts_updated_at": 1775791229, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/58ed11d5b03d4e038157ff07f81ce69371fed848.pdf", "text": "https://archive.orkl.eu/58ed11d5b03d4e038157ff07f81ce69371fed848.txt", "img": "https://archive.orkl.eu/58ed11d5b03d4e038157ff07f81ce69371fed848.jpg" } }