Coverage: A Python-based tool for analyzing Active Directory security

Domain Coverage Analysis Tool

Tool for analyzing domain security based on various data sources:

  • LDAP domain dump
  • NTDS.dit dump
  • Hashcat output

List modules

uv run main.py -l

Available modules:

  • reversible_encryption
  • passwords_reuse
  • weak_passwords
  • passwords_in_description
  • kerberoasting
  • pre2k
  • asreproasting
  • unconstrained_delegation

Installation

git clone https://github.com/PShlyundin/Coverage.git
cd Coverage
uv venv
uv pip install -r requirements.txt
uv run main.py -h

Usage

Preparation

To run the script, you need the output of ldapdomaindump and secretsdump, and the result of a brute-force attack on the obtained *.ntds file.

mkdir ldapdomaindump && cd ldapdomaindump
ldapdomaindump -u vulnad.local\\Administrator -p "1qaz@WSX" 10.10.10.10

cd .. && mkdir DUMP
secretsdump.py vulnad.local/Administrator:1qaz@WSX@10.10.10.10 -outputfile DUMP/DUMP

hashcat -m 1000 DUMP/DUMP.ntds -o DUMP/DUMP.ntds.out /usr/share/wordlists/rockyou.txt

Analysis using 3 modules:

uv run main.py --ldd ldapdomaindump --ntds DUMP --hashcat DUMP/DUMP.ntds.out -m passwords_reuse,weak_passwords,passwords_in_description
Parsing LDAP data…
Parsing NTDS data…
Parsing Hashcat output…
Loaded 3 modules
Running modules…
Building report to report.md…
Done!
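The kind of correlation a password-reuse check performs over these two files, as an added example (not code from the Coverage project): it groups accounts that share an NT hash in a secretsdump `.ntds` file and marks which groups appear in the hashcat output. The sample lines, account names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: secretsdump .ntds lines (domain\user:rid:lmhash:nthash:::)
NTDS_SAMPLE = r"""
vulnad.local\alice:1104:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
vulnad.local\bob:1105:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
vulnad.local\svc_sql:1106:aad3b435b51404eeaad3b435b51404ee:22222222222222222222222222222222:::
vulnad.local\carol:1107:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
WS01$:1108:aad3b435b51404eeaad3b435b51404ee:44444444444444444444444444444444:::
""".strip().splitlines()
# Constructed sample: hashcat -m 1000 -o lines (nthash:plaintext)
HASHCAT_SAMPLE = ["11111111111111111111111111111111:Summer:2024"]

def parse_ntds(lines):
    """Map user account -> NT hash; skip machine accounts and malformed lines."""
    accounts = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4 or len(parts[3]) != 32:
            continue
        name = parts[0].split("\\")[-1].lower()
        if not name.endswith("$"):
            accounts[name] = parts[3].lower()
    return accounts

def parse_hashcat(lines):
    """Return the set of cracked NT hashes; plaintexts may contain ':' and are dropped."""
    cracked = set()
    for line in lines:
        nt, sep, _plain = line.partition(":")
        if sep and len(nt) == 32:
            cracked.add(nt.lower())
    return cracked

def reuse_groups(accounts, cracked):
    """Groups of accounts sharing one NT hash, largest first, without the secret itself."""
    by_hash = defaultdict(list)
    for name, nt in accounts.items():
        by_hash[nt].append(name)
    groups = [{"accounts": sorted(n), "cracked": nt in cracked}
              for nt, n in by_hash.items() if len(n) > 1]
    return sorted(groups, key=lambda g: -len(g["accounts"]))

def cracked_ratio(accounts, cracked):
    """(accounts whose hash was cracked, total user accounts)."""
    return sum(nt in cracked for nt in accounts.values()), len(accounts)

if __name__ == "__main__":
    accts, done = parse_ntds(NTDS_SAMPLE), parse_hashcat(HASHCAT_SAMPLE)
    print(reuse_groups(accts, done), cracked_ratio(accts, done))
```

The report rows carry account names and a cracked flag only, so the findings can be shared without copying hashes or recovered passwords out of the dump.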

Module Development

To create a new module:

  1. Create a new directory in modules/
  2. Create module.py implementing the IModule interface
  3. Create template.md with a Jinja2 template for the report

Example module structure:

modules/my_module/
├── module.py
└── template.md

Source: https://github.com/PShlyundin/
