ADRecon
- Thiru T
- Nov 29, 2024
- 1 min read
Great tool for gathering information about a victim's Microsoft Active Directory (AD) environment, with support for Excel outputs.
It can be run from any workstation that is connected to the environment, even hosts that are not domain members.
Prerequisites
.NET Framework 3.0 or later (Windows 7 includes 3.0)
PowerShell 2.0 or later (Windows 7 includes 2.0)
Install: (Git)
Install: (Download)
You can download a zip archive of the latest release.
Usage:
# To run ADRecon on a domain member host.
PS C:\> .\ADRecon.ps1
# To run ADRecon on a domain member host as a different user.
PS C:\>.\ADRecon.ps1 -DomainController <IP or FQDN> -Credential <domain\username>
# To run ADRecon on a non-member host using LDAP.
PS C:\>.\ADRecon.ps1 -Protocol LDAP -DomainController <IP or FQDN> -Credential <domain\username>
# To run ADRecon with specific modules on a non-member host with RSAT. (Default OutputType is STDOUT with -Collect parameter)
PS C:\>.\ADRecon.ps1 -Protocol ADWS -DomainController <IP or FQDN> -Credential <domain\username> -Collect Domain, DomainControllersFull usage and parameter information can be found here.
Comments