Coverage: A Python-based tool for analyzing Active Directory security

by · Published · Updated

Domain Coverage Analysis Tool

Tool for analyzing domain security based on various data sources:

  • LDAP domain dump
  • NTDS.dit dump
  • Hashcat output

List modules

uv run main.py -l

Available modules:

  • – reversible_encryption
  • – passwords_reuse
  • – weak_passwords
  • – passwords_in_description
  • – kerberoasting
  • – pre2k
  • – asreproasting
  • – unconstrained_delegation

Installation

git clone https://github.com/PShlyundin/Coverage.git
uv venv
uv pip install -r requirements.txt
uv run main.py -h

Use

Preparation

To run the script, you need to have the output of ldapdomaindump, secretsdump and the result of a brute-force attack on the obtained *.ntds file

mkdir ldapdomaindump && cd ldapdomaindump
ldapdomaindump -u vulnad.local\\Administrator -p "1qaz@WSX" 10.10.10.10

cd .. && mkdir DUMP
secretsdump.py vulnad.local/Administrator:1qaz@WSX@10.10.10.10 -outputfile DUMP/DUMP

hashcat -m 1000 DUMP/DUMP.ntds -o DUMP/DUMP.ntds.out /usr/share/wordlists/rockyou.txt

Analysis using 3 modules:

uv run main.py --ldd ldapdomaindump --ntds DUMP --hashcat DUMP/DUMP.ntds.out -m passwords_reuse,weak_passwords,passwords_in_description
Parsing LDAP data...
Parsing NTDS data...
Parsing Hashcat output...
Loaded 3 modules
Running modules...
Building report to report.md...
Done!

Module Development

To create a new module:

  1. Create a new directory in modules/
  2. Create module.py implementing IModule interface
  3. Create template.md with Jinja2 template for report

Example module structure:

modules/my_module/
├── module.py
└── template.md

Source: https://github.com/PShlyundin/