diff --git a/README.md b/README.md index 3611dcc..131583e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Invoke-ADEnum ![ADEnum](https://github.com/Leo4j/Invoke-ADEnum/assets/61951374/93fe1fed-6056-4ba0-ae5b-6f3ac4c62ddc) -### Active Directory Enumeration +## Active Directory Enumeration Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain controllers, users, groups, computers, shares, subnets, ACLs, OUs, GPOs, and more. @@ -16,7 +16,7 @@ HTML Example_Report generated by Invoke-ADEnum: https://leo4j.github.io/Invoke-A ![ADEnum](https://github.com/Leo4j/Invoke-ADEnum/assets/61951374/67527c9b-330b-4437-8d4d-7b7d5742607e) -### Usage +## Usage Load the script in memory: @@ -36,12 +36,6 @@ Check your targets first, and make sure you stay in scope Invoke-ADEnum -TargetsOnly ``` -Recommended Coverage - -``` -Invoke-ADEnum -SprayEmptyPasswords -FindLocalAdminAccess -RBCD -UserCreatedObjects -WeakPermissions -MoreGPOs -AllDescriptions -``` - Specify a single domain to enumerate and a DC to bind to ``` 
@@ -54,20 +48,29 @@ Exclude out-of-scope domains Invoke-ADEnum -Exclude "contoso.local,domain.local" ``` -Save collection data to disk, then load it from disk and skip collection next time you run (Location: c:\Users\Public\Documents\Invoke-ADEnum) +## Recommended Usage/Coverage + +For optimal results, I recommend running Invoke-ADEnum in two phases: an initial quick assessment followed by a more thorough analysis. +Consider saving data to disk during the first pass to avoid redundant data collection on the second pass. ``` -Invoke-ADEnum -SaveToDisk +Invoke-ADEnum -SaveToDisk -FindLocalAdminAccess ### Save Location: C:\Users\Public\Documents\Invoke-ADEnum ``` + +On the second pass, reload the previously saved data from disk and perform more checks, such as Empty-Password Spraying, RBCD, User-Created Objects, Weak Permissions (it may take a very long time to complete depending on domain size), and potentially abusable GPOs. + ``` -Invoke-ADEnum -LoadFromDisk +Invoke-ADEnum -LoadFromDisk -SprayEmptyPasswords -FindLocalAdminAccess -RBCD -UserCreatedObjects -WeakPermissions -MoreGPOs -AllDescriptions ``` -Full Coverage (may take a long time depending on domain size) +## Full Coverage + +Run all available checks that Invoke-ADEnum can perform. It can be very time-consuming, especially in large domains. ``` Invoke-ADEnum -AllEnum -Force ``` + # Disclaimer Invoke-ADEnum is intended exclusively for research, education, and authorized testing. Its purpose is to assist professionals and researchers in identifying vulnerabilities and enhancing system security.
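Review bot: In the last hunk (`@@ -54,20 +48,29 @@`), the save location is now only a trailing `### Save Location: C:\Users\Public\Documents\Invoke-ADEnum` comment inside the first-pass code fence, and the README gives no guidance on handling the data written there. `C:\Users\Public\Documents` is readable by other local users by default, and the two-phase workflow means the collection stays on disk between runs. I would move the path back into the prose above the fence and add a sentence telling the operator to remove the saved data once the second pass is done. Separately, the second-pass paragraph lists empty-password spraying, RBCD, user-created objects, weak permissions and GPOs, but the command also passes `-FindLocalAdminAccess` and `-AllDescriptions`. Since `-FindLocalAdminAccess` already ran in the first pass, please state whether it is repeated on purpose or whether its results come back with `-LoadFromDisk`, and mention `-AllDescriptions` in the text. The time warning for `-WeakPermissions` is also buried in a parenthesis mid-list; it reads better as its own sentence.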