ADMiner 是一种 Active Directory 审核工具,它利用密码查询来处理 BloodHound 图形数据库 (neo4j) 中的数据,并通过基于 Web 的静态报告为您提供现有弱点的全局概述,包括详细列表、动态图表、关键指标历史记录、以及风险评级。
您还可以观察一段时间内的指标,以帮助衡量缓解效率。
下面提供了 AD Miner 中已经实现的控件列表:
1. 安装
- git clone https://github.com/Mazars-Tech/AD_Miner.git
- pip install -r requirements.txt
- AD-miner [-h] [-b BOLT] [-u USERNAME] [-p PASSWORD] [-e EXTRACT_DATE] [-r RENEWAL_PASSWORD] [-a] [-c] [-l LEVEL] -cf CACHE_PREFIX [-ch NB_CHUNKS] [-co NB_CORES] [--rdp] [--evolution EVOLUTION] [--cluster CLUSTER]
- Example:
- AD-miner -c -cf My_Report -u neo4j -p mypassword
- AD-miner -c -cf My_Report -b bolt://server1:7687 -u neo4j -p mypassword --cluster server1:7687:32,server2:7687:16
- -h, --help Show this help message and exit
- -b, --bolt Neo4j bolt connection (default: bolt://127.0.0.1:7687)
- -u, --username Neo4j username (default : neo4j)
- -p, --password Neo4j password (default : neo5j)
- -e, --extract_date Extract date (e.g., 20220131). Default: last logon date
- -r, --renewal_password Password renewal policy in days. Default: 90
- -a, --azure Use Azure relations
- -c, --cache Use local file for neo4j data
- -l, --level Recursive level for path queries
- -cf, --cache_prefix Cache file to use (in case of multiple company cache files)
- -ch, --nb_chunks Number of chunks for parallel neo4j requests. Default : number of CPU
- -co, --nb_cores Number of cores for parallel neo4j requests. Default : number of CPU
- --gpo_low Perform a faster but incomplete query for GPO
- --rdp Include the CanRDP edge in graphs
- --evolution Evolution over time : location of json data files. ex : '../../tests/'
- --cluster Nodes of the cluster to run parallel neo4j queries. ex : host1:port1:nCore1,host2:port2:nCore2,...
|
