blacklanternsecurity / writehat

A pentest reporting tool written in Python. Free yourself from Microsoft Word.
GNU General Public License v3.0

Add Active Directory Group Membership Filter #84

Closed aconite33 closed 1 year ago

aconite33 commented 1 year ago

Summary

This PR adds the ability for WriteHat to filter authenticated users to a group membership.

Currently, WriteHat can only filter based on a base scope, e.g., ou=OrgUnit,dc=corp,dc=local. Anyone within the OU OrgUnit would be able to authenticate into the WriteHat instance.

This PR would allow filtering authorized users to a group membership within the OU, e.g., CN=SomeGroupName,OU=OrgUnit,dc=corp,dc=local

Details

git diff --name-status github-dev
M       writehat/config/writehat.conf # Added functionality to include the filter option, with examples
A       writehat/lib/auth.py # Added filter search based on Active Directory using the ldap module for Django
M       writehat/settings.py # Directed the ldap module for Django to use the auth.py module for search filtering criteria

aconite33 commented 1 year ago

@TheTechromancer Can I get your review on this? We can submit when you confirm.
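
The group restriction described in the PR summary comes down to adding a `memberOf` clause to the LDAP user search filter. The sketch below is an added example, not the code in `writehat/lib/auth.py`; the function names and the use of `sAMAccountName` as the login attribute are assumptions, and the nested-group option goes beyond what the PR text describes.

```python
# Added illustration; NOT WriteHat's writehat/lib/auth.py.
# Function names and the sAMAccountName login attribute are assumptions.

# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN: resolves nested groups.
AD_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
        for ch in value
    )


def user_filter(username, group_dn=None, nested=False):
    """Build the search filter that decides whether `username` may log in.

    group_dn=None  -> anyone found under the search base matches
                      (the behaviour the PR describes as current)
    group_dn=<DN>  -> the account must also be a member of that group
    nested=True    -> also accept membership inherited through nested groups
    """
    clauses = ["(sAMAccountName=%s)" % escape_filter_value(username)]
    if group_dn:
        attr = "memberOf:%s:" % AD_IN_CHAIN if nested else "memberOf"
        clauses.append("(%s=%s)" % (attr, escape_filter_value(group_dn)))
    return clauses[0] if len(clauses) == 1 else "(&%s)" % "".join(clauses)


if __name__ == "__main__":
    group = "CN=SomeGroupName,OU=OrgUnit,dc=corp,dc=local"  # DN from the PR text
    print(user_filter("alice"))  # "alice" is a constructed username
    print(user_filter("alice", group))
    print(user_filter("alice", group, nested=True))
```

A plain `memberOf` match covers direct membership only, and Active Directory does not list an account's primary group in `memberOf`, so the authorizing group should be one that users are added to explicitly.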