knowsmore: A swiss army knife tool for pentesting Microsoft Active Directory
Knows More
KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).
Main features
- Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or secretsdump.py)
- Import NTLM Hashes from NTDS.dit and SYSTEM
- Import Cracked NTLM hashes from hashcat output file
- Import BloodHound ZIP or JSON file
- BloodHound importer (import JSON to Neo4J without BloodHound UI)
- Analyse the quality of passwords (length, lower case, upper case, digit, special and latin)
- Analyse similarity of password with company and user name
- Search for users, passwords and hashes
- Export all cracked credentials directly to the BloodHound Neo4j database as ‘owned object’
- Other amazing features…
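The password quality and similarity checks in the list above can be illustrated with a short audit routine. This is an added example, not KnowsMore's own code: the function names, the leet-speak table, the reading of "latin" as accented Latin letters, the 0.75 threshold and the sample accounts are assumptions made for the illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed leet-speak substitutions, undone before comparing against names.
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Constructed sample data: (account, recovered password) pairs.
SAMPLE = [("CONTOSO\\jsmith", "C0nt0s0@2024"), ("CONTOSO\\maria.silva", "M4ria#Silva"),
          ("CONTOSO\\svc_backup", "xK9$vQ2!mZr7pL"), ("CONTOSO\\joao", "Coração2023")]

def char_classes(password):
    """Record the length and which character classes the password uses."""
    flags = dict(length=len(password), lower=False, upper=False,
                 digit=False, special=False, latin=False)
    for ch in password:
        if not ch.isascii():
            # Assumption: "latin" means accented Latin letters such as 'ç'.
            key = "latin" if "LATIN" in unicodedata.name(ch, "") else "special"
        elif ch.islower():
            key = "lower"
        elif ch.isupper():
            key = "upper"
        else:
            key = "digit" if ch.isdigit() else "special"
        flags[key] = True
    return flags

def normalize(text):
    """Lower-case, undo leet-speak, strip accents, keep ASCII letters only."""
    text = unicodedata.normalize("NFKD", text.lower().translate(LEET))
    return "".join(c for c in text if c.isascii() and c.isalpha())

def similarity(password, reference):
    """Share of `reference` found as one contiguous run in the password."""
    pw, ref = normalize(password), normalize(reference)
    if not pw or not ref:
        return 0.0
    matcher = SequenceMatcher(None, ref, pw, autojunk=False)
    return round(matcher.find_longest_match(0, len(ref), 0, len(pw)).size / len(ref), 2)

def audit(accounts, company, threshold=0.75):
    """Return one finding per account; the password itself is never stored."""
    findings = []
    for user, password in accounts:
        row = char_classes(password)
        row.update(user=user, company_sim=similarity(password, company),
                   user_sim=similarity(password, user.split("\\")[-1]))
        row["weak"] = max(row["company_sim"], row["user_sim"]) >= threshold
        findings.append(row)
    return findings
```

A password such as the first sample entry satisfies every composition rule yet is still flagged, because it is the company name with leet substitutions and a year appended.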
Execution Flow
There is no mandatory order for importing data, but to get better data correlation we suggest the following execution flow:
- Create database file
- Import BloodHound files
  - Domains
  - GPOs
  - OUs
  - Groups
  - Computers
  - Users
- Import NTDS file
- Import cracked hashes