KnowsMore: Swiss army knife tool for pentesting Microsoft Active Directory
KnowsMore
KnowsMore is a Swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS, and DCSync).
Main features
- Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or secretsdump.py)
- Import NTLM Hashes from NTDS.dit and SYSTEM
- Import Cracked NTLM hashes from hashcat output file
- Import BloodHound ZIP or JSON file
- BloodHound importer (import JSON to Neo4J without BloodHound UI)
- Analyse the quality of the password (length, lower case, upper case, digit, special and latin)
- Analyse the similarity of passwords to the company name and user names
- Search for users, passwords, and hashes
- Export all cracked credentials directly to the BloodHound Neo4j database as ‘owned object’
- Other amazing features…
Install
pip3 install --upgrade knowsmore
Use
Execution Flow
There is no mandatory order for importing data, but to get better data correlation we suggest the following execution flow:
- Create database file
- Import BloodHound files
  - Domains
  - GPOs
  - OUs
  - Groups
  - Computers
  - Users
- Import NTDS file
- Import cracked hashes
Tutorial
Copyright (C) 2023 helviojunior