# Powershell LDAP Monitor

<p align="center">
  <img alt="GitHub all releases" src="https://img.shields.io/github/downloads/p0dalirius/LDAPmonitor/total">
  <img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/p0dalirius/LDAPmonitor">
  <a href="https://twitter.com/intent/follow?screen_name=podalirius_" title="Follow"><img src="https://img.shields.io/twitter/follow/podalirius_?label=Podalirius&style=social"></a>
  <br>
</p>

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

With this script you can quickly see if your attack worked and if it changed LDAP attributes of the target object. You can also directly see if you're locking accounts!

![](./imgs/example.png)

## Features

 - [x] LDAPS support.
 - [x] Random delay in seconds between queries.
 - [x] Custom delay in seconds between queries.
 - [x] Save output to logfile.
 - [x] Custom page size for paged queries.
 - [x] Multiple authentication methods:
   - with user and password.
   - as the current shell user.

## Limitations

LDAP paged queries return **pageSize** results per page, and it takes approximately 1 second to query a page. Your monitoring refresh rate is therefore one update every **(number of LDAP objects // pageSize)** seconds. On most domain controllers **pageSize = 5000**.

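The comparison step between two monitoring passes, as an added example that is not code from `psLDAPmonitor.ps1`. It assumes a poll-and-compare model in which each pass yields a hashtable keyed by distinguishedName; the function name `Compare-LdapSnapshot` and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example: diff two LDAP snapshots. A snapshot is a hashtable mapping
# distinguishedName -> hashtable of attribute name -> value(s).
function Compare-LdapSnapshot {
    param(
        [Parameter(Mandatory)][hashtable]$Before,
        [Parameter(Mandatory)][hashtable]$After
    )
    foreach ($dn in $After.Keys) {
        if (-not $Before.ContainsKey($dn)) {
            [pscustomobject]@{ Change = 'Created'; DN = $dn; Attribute = ''; Old = ''; New = ''; Note = '' }
            continue
        }
        $old = $Before[$dn]
        $new = $After[$dn]
        # Union of names, so attributes that appear or disappear are reported too.
        $names = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
        foreach ($name in $names) {
            # Flatten multi-valued attributes; a missing attribute becomes ''.
            $o = @($old[$name]) -join '; '
            $n = @($new[$name]) -join '; '
            if ($o -ceq $n) { continue }
            # lockoutTime moving to a non-zero value means the account is now locked out.
            $note = if ($name -eq 'lockoutTime' -and $n -notin '', '0') { 'account locked out' } else { '' }
            [pscustomobject]@{ Change = 'Modified'; DN = $dn; Attribute = $name; Old = $o; New = $n; Note = $note }
        }
    }
    foreach ($dn in $Before.Keys) {
        if (-not $After.ContainsKey($dn)) {
            [pscustomobject]@{ Change = 'Deleted'; DN = $dn; Attribute = ''; Old = ''; New = ''; Note = '' }
        }
    }
}

# Constructed sample snapshots (hypothetical lab objects), not real directory output.
$t0 = @{
    'CN=user1,CN=Users,DC=lab,DC=local'      = @{ lockoutTime = '0'; badPwdCount = '2' }
    'CN=old-pc,CN=Computers,DC=lab,DC=local' = @{ description = 'retired' }
}
$t1 = @{
    'CN=user1,CN=Users,DC=lab,DC=local'   = @{ lockoutTime = '132800000000000000'; badPwdCount = '3' }
    'CN=svc-new,CN=Users,DC=lab,DC=local' = @{ description = 'new account' }
}
Compare-LdapSnapshot -Before $t0 -After $t1 | Format-Table -AutoSize
```
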
## Usage

```
PS C:\Users\dev\> .\psLDAPmonitor.ps1 -Help
[+]======================================================
[+] Powershell LDAP live monitor v1.1      @podalirius_
[+]======================================================

Required arguments:
  -dcip       : LDAP host to target, most likely the domain controller.

Optional arguments:
  -Help       : Displays this help message
  -Username   : User to authenticate as.
  -Password   : Password for authentication.
  -PageSize   : Sets the LDAP page size to use in queries (default: 5000).
  -LDAPS      : Use LDAPS instead of LDAP.
  -LogFile    : Log file to save output to.
  -Delay      : Delay between two queries in seconds (default: 1).
  -Randomize  : Randomize delay between two queries, between 1 and 5 seconds.
```

## Quick start

- Authenticate with a password:

   ```powershell
   .\psLDAPmonitor.ps1 -dcip 192.168.2.1 -Username "LAB\user1" -Password "October2021!"
   ```

- Authenticate as the current shell user:

   ```powershell
   .\psLDAPmonitor.ps1 -dcip 192.168.2.1
   ```

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.