adscan

v9.1.0 suspicious
5.0
Medium Risk

Free Active Directory pentesting CLI for AD enumeration, attack paths, Kerberoasting, AS-REP roasting, ADCS, DCSync, password spraying, and CTF labs.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is an Active Directory pentesting CLI, so outbound traffic to domain controllers and local command execution are part of its stated purpose rather than anomalies on their own. Both heuristics fire: the shell matches are list-form subprocess.run calls (getcap, ss, lsof, sudo -n true) consistent with local environment self-checks, while the network matches reference requests.post() telemetry and pip install operations. Nothing visible here is evidence of malicious intent, but the telemetry and self-install behaviour deserve a read of the source before the tool is run with domain credentials.

  • network communication risk (matched snippets mention telemetry and pip install, not only the expected DC traffic)
  • shell execution (list-argv subprocess.run probes; no shell=True in the matches)
Per-check LLM notes
  • Network: The matched snippets pair requests.post() with a docstring about telemetry and TLS inside PyInstaller binaries, and with pip install operations. Confirm whether telemetry is opt-in and what it sends, and whether the tool installs or upgrades packages on its own; both are legitimate patterns but should be disclosed for a tool that handles domain credentials.
  • Shell: Every match uses subprocess.run with a list argv and no shell=True: getcap on a candidate path, ss and lsof to find a listener on a given port, sudo -n true to probe for cached sudo credentials, and a generic wrapper with capture_output=True. These read as checks of local capabilities and listening ports. One call builds its cmd dynamically from a target value, so review what feeds that argv.
  • Obfuscation: No obfuscation patterns detected, so the source can be reviewed as written.
  • Credentials: No credential harvesting patterns detected. This heuristic looks for code that lifts secrets from the host it runs on (browser stores, SSH keys, environment tokens); it says nothing about the tool's advertised features, which by design collect Kerberos ticket material and, with DCSync, directory secrets from the target domain.
  • Metadata: The maintainer has only one package on PyPI, which could indicate a new or less active account. This raises some suspicion but is not evidence of malice on its own.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • r: - pip install operations - requests.post() calls - Any TLS/HTTPS operations in PyInstaller binaries "
  • es. This is critical for requests.post() and other TLS operations in telemetry. """ system_
✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: result = subprocess.run( ["getcap", candidate_path],
  • str(target)] result = subprocess.run(cmd, check=False) return result.returncode == 0
  • .""" try: proc = subprocess.run( ["ss", "-ltnp", f"sport = :{port}"],
  • .""" try: proc = subprocess.run( ["lsof", f"-iTCP:{port}", "-sTCP:LISTEN", "-Pn"
  • pture enabled.""" return subprocess.run( argv, capture_output=True, text=Tru
  • lse try: probe = subprocess.run( # noqa: S603 ["sudo", "-n", "true"],
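The six matches above all pass a list argv and none sets shell=True, which is what a reviewer wants to confirm first when a scanner reports "shell execution". The following script is an added example, not adscan's code and not the scanner's: it parses Python source with the standard-library ast module and classifies every subprocess.run / Popen / call / check_call / check_output call by whether its command is a literal list, a string, or built dynamically, and whether shell=True is present. The SAMPLE source is constructed to mirror the matched snippets, plus one deliberately risky call for contrast; the function and class names are this example's own.

```python
"""Triage subprocess calls reported by a shell-execution heuristic.

Added example (not adscan's code, not the scanner's). Classifies each
subprocess.* call in a Python source string:
  argv_kind  "list"    -> literal list/tuple (the safe shape, no shell parsing)
             "string"  -> a string or f-string command (shell-style, review it)
             "dynamic" -> a name/expression; inspect what feeds it
  shell      True when shell=True is passed literally
  risky      shell or argv_kind == "string"
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}


@dataclass
class Finding:
    lineno: int
    func: str
    argv_kind: str
    shell: bool
    risky: bool


def _argv_kind(node: ast.AST | None) -> str:
    """Classify the first positional argument (or args=) of the call."""
    if node is None:
        return "dynamic"
    if isinstance(node, (ast.List, ast.Tuple)):
        return "list"
    if isinstance(node, ast.JoinedStr) or (
        isinstance(node, ast.Constant) and isinstance(node.value, str)
    ):
        return "string"
    return "dynamic"


def _is_subprocess_call(node: ast.Call) -> bool:
    f = node.func
    return (
        isinstance(f, ast.Attribute)
        and f.attr in SUBPROCESS_FUNCS
        and isinstance(f.value, ast.Name)
        and f.value.id == "subprocess"
    )


def triage_subprocess(source: str) -> list[Finding]:
    """Return one Finding per subprocess call, in source order."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_subprocess_call(node)):
            continue
        argv = node.args[0] if node.args else None
        shell = False
        for kw in node.keywords:
            if kw.arg == "args":          # argv may also be passed by keyword
                argv = kw.value
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant):
                shell = kw.value.value is True
        kind = _argv_kind(argv)
        findings.append(
            Finding(node.lineno, node.func.attr, kind, shell, shell or kind == "string")
        )
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample: three list-form probes like the matches above, and one
# shell=True call with interpolated input that a reviewer should flag.
SAMPLE = '''
import subprocess

def has_cap(candidate_path):
    result = subprocess.run(["getcap", candidate_path], capture_output=True, text=True)
    return result.returncode == 0

def port_listening(port):
    proc = subprocess.run(["ss", "-ltnp", f"sport = :{port}"], capture_output=True, text=True)
    return proc.returncode == 0

def sudo_cached():
    probe = subprocess.run(["sudo", "-n", "true"], capture_output=True)
    return probe.returncode == 0

def list_dir(user_input):
    return subprocess.run(f"ls {user_input}", shell=True)
'''


if __name__ == "__main__":
    for f in triage_subprocess(SAMPLE):
        flag = "REVIEW" if f.risky else "ok"
        print(f"line {f.lineno:3d} subprocess.{f.func:<6} argv={f.argv_kind:<7} shell={f.shell} -> {flag}")
```

Run it over the package's unpacked sdist (glob for *.py, feed each file to triage_subprocess) and the "dynamic" entries are the ones to read by hand; for this package that means the call whose cmd is built from a target value.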
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ADscanPro/adscan appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "ADscan" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with adscan
Create a Python-based mini-application named 'ADSecureChecker' that leverages the 'adscan' package to enhance security assessments within Active Directory environments. This tool will be designed to assist IT professionals in identifying potential vulnerabilities and weaknesses in their AD infrastructure through various security checks. Here’s a detailed breakdown of the steps and features your application should include:

1. **User Authentication**: Begin by allowing users to authenticate against an Active Directory domain using valid credentials. Prompt for domain, username, and password; read the password with getpass so it is not echoed, and never write it to logs or reports.
2. **AD Enumeration**: Utilize 'adscan' to enumerate all available objects in the target AD environment, such as users, groups, computers, and services. Display this information in a structured format for easy review.
3. **Attack Path Analysis**: Implement functionality to identify possible attack vectors and pathways within the AD structure. Highlight critical paths that could lead to privilege escalation or unauthorized access.
4. **Kerberoasting Check**: Integrate 'adscan' to perform Kerberoasting, which requests TGS service tickets for accounts that have a servicePrincipalName set and cracks the ticket's encrypted part offline. Report the SPN-bearing accounts found, flagging those that are enabled, privileged, or still issued RC4 (etype 23) tickets.
5. **AS-REP Roasting Detection**: Use 'adscan' to find accounts with Kerberos pre-authentication disabled (the DONT_REQ_PREAUTH flag, 0x400000, in userAccountControl). For such accounts the KDC returns an AS-REP whose encrypted part is derived from the user's password and can be cracked offline. Summarize the affected accounts, which are usually legacy or application accounts rather than service accounts as such.
6. **DCSync Check**: DCSync abuses the replication extended rights (DS-Replication-Get-Changes and DS-Replication-Get-Changes-All) on the domain object rather than any weakness in a domain controller. Enumerate which principals hold those rights and flag any that are not domain controllers or built-in administrators; only attempt an actual replication request with explicit authorization, and report recommendations based on the rights found.
7. **Password Spraying Scan**: Incorporate a feature that tries a small set of common passwords across many accounts. Read the domain lockout threshold and observation window first, try one password per round across all users, and stay below the threshold so the assessment does not lock out real users. Clearly indicate accounts at risk due to weak passwords.
8. **Reporting Module**: Develop a comprehensive reporting module that consolidates all findings into a single, easily digestible report. Include actionable insights and recommendations for improving AD security.
9. **User Interface**: While primarily command-line driven, consider adding a simple graphical user interface (GUI) using a library like Tkinter for ease of use.

Each feature should be thoroughly documented and tested to ensure reliability and accuracy. Emphasize the importance of ethical usage and the necessity for permission before running any security assessment tools.
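Steps 4 through 7 above come down to a few selection rules over directory data plus some lockout arithmetic. The block below is an added example and not adscan's code (this page does not show adscan's API): it runs offline on constructed records shaped like LDAP attributes and ACEs. The replication-right GUIDs are the real schema values; the BASELINE_REPLICATORS set, the record layout and all function names are this example's own assumptions.

```python
"""Roasting / DCSync candidate selection and a lockout-safe spray plan.

Added example, not adscan's code. Rules implemented:
  - Kerberoastable: enabled account with a servicePrincipalName, excluding krbtgt
  - AS-REP roastable: enabled account whose userAccountControl has DONT_REQ_PREAUTH
  - DCSync-capable: principal holding BOTH replication extended rights on the
    domain naming context; anything outside an assumed baseline is reported
  - Spray plan: at most (lockoutThreshold - 1 - margin) passwords per account
    within one observation window; threshold 0 means no lockout policy
"""
from __future__ import annotations

UAC_ACCOUNTDISABLE = 0x0002
UAC_DONT_REQ_PREAUTH = 0x400000

# Extended-right GUIDs from the AD schema (controlAccessRight objects).
DS_REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"

# Assumed baseline of principals expected to replicate; tune per domain.
BASELINE_REPLICATORS = {"Domain Controllers", "Enterprise Domain Controllers", "Administrators"}


def _enabled(user: dict) -> bool:
    return not user["userAccountControl"] & UAC_ACCOUNTDISABLE


def kerberoastable(users: list[dict]) -> list[str]:
    return [u["sAMAccountName"] for u in users
            if u.get("servicePrincipalName") and _enabled(u)
            and u["sAMAccountName"].lower() != "krbtgt"]


def asrep_roastable(users: list[dict]) -> list[str]:
    return [u["sAMAccountName"] for u in users
            if u["userAccountControl"] & UAC_DONT_REQ_PREAUTH and _enabled(u)]


def dcsync_capable(aces: list[tuple[str, str]]) -> list[str]:
    """aces: (principal, objectType GUID) pairs from the domain object's DACL."""
    rights: dict[str, set[str]] = {}
    for principal, guid in aces:
        rights.setdefault(principal, set()).add(guid.lower())
    needed = {DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL}
    return sorted(p for p, g in rights.items() if needed <= g)


def unexpected_dcsync(aces, baseline=BASELINE_REPLICATORS) -> list[str]:
    return [p for p in dcsync_capable(aces) if p not in baseline]


def spray_plan(passwords: list[str], lockout_threshold: int,
               observation_window_min: int, margin: int = 1):
    """Group passwords into rounds; each round is followed by a wait (minutes)."""
    if lockout_threshold == 0:            # no lockout policy configured
        return [(list(passwords), 0)]
    per_window = lockout_threshold - 1 - margin
    if per_window < 1:
        raise ValueError("lockout policy leaves no safe attempts per window")
    rounds = [passwords[i:i + per_window] for i in range(0, len(passwords), per_window)]
    return [(r, observation_window_min if i < len(rounds) - 1 else 0)
            for i, r in enumerate(rounds)]


# Constructed directory data (not from any real domain).
USERS = [
    {"sAMAccountName": "svc_sql", "servicePrincipalName": ["MSSQLSvc/sql01.corp.local:1433"], "userAccountControl": 0x10200},
    {"sAMAccountName": "krbtgt", "servicePrincipalName": ["kadmin/changepw"], "userAccountControl": 0x10202},
    {"sAMAccountName": "jdoe", "servicePrincipalName": [], "userAccountControl": 0x10200},
    {"sAMAccountName": "legacy_app", "servicePrincipalName": [], "userAccountControl": 0x410200},
    {"sAMAccountName": "old_svc", "servicePrincipalName": ["HTTP/old.corp.local"], "userAccountControl": 0x10202},
]
ACES = [
    ("Domain Controllers", DS_REPL_GET_CHANGES), ("Domain Controllers", DS_REPL_GET_CHANGES_ALL),
    ("Administrators", DS_REPL_GET_CHANGES), ("Administrators", DS_REPL_GET_CHANGES_ALL),
    ("backup_svc", DS_REPL_GET_CHANGES), ("backup_svc", DS_REPL_GET_CHANGES_ALL),
    ("helpdesk", DS_REPL_GET_CHANGES),   # only one of the two rights: not enough
]

if __name__ == "__main__":
    print("Kerberoastable:", kerberoastable(USERS))
    print("AS-REP roastable:", asrep_roastable(USERS))
    print("Unexpected DCSync rights:", unexpected_dcsync(ACES))
    for pw_round, wait in spray_plan(["Winter2024!", "Spring2024!", "Summer2024!", "Welcome1"], 5, 30):
        print("round", pw_round, "then wait", wait, "min")
```

The spray arithmetic is the piece most often skipped: with a threshold of 5 and a margin of 1, only three attempts per account fit inside one observation window, and the observation window must elapse before the next round. Feed the real domain policy (lockoutThreshold, lockOutObservationWindow) into spray_plan rather than guessing.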