lefayjey / linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
MIT License
1.8k stars 264 forks

About the tool specific suggestions for improvement #12

Closed JacHeiuang closed 1 year ago

JacHeiuang commented 1 year ago

This is really a great project; it has helped me a lot in the real world. If I am free, I am very willing to help you improve this project. Here I would like to make a few small suggestions for continued progress.

The first point: you can continue to add more AD domain vulnerability detection in the vuln_checks module, such as HiveNightmare, the Printspooler family (Nightmare and Demon) and Exchange server vulnerability detection. This is very important, because in reality Exchange is very high privilege and easy to attack, and if the attack is successful it is very easy to threaten the domain controller. So I felt the need to add a check for Exchange vulnerabilities (CVE-2018-8581, CVE-2020-0688, CVE-2020-16875, CVE-2021-34473, CVE-2021-26855/CVE-2021-27065, CVE-2022-41040/CVE-2022-41082).

The second point: I think we can add an automated capture of all tour passwords in the pwd_dump module, which can be combined with LaZagne, which is a great tool. You know, in actual infiltration the tour passwords are likely to be a breakthrough!!! So I think it's feasible.

Having said that, I hope very much that this tool will get better and better, and thank you very much for your open source spirit, keep moving!!!


lefayjey commented 1 year ago

Duplicate issue