automato should help with automating some of the user-focused enumeration tasks during an internal penetration test.
automato is also capable of conducting limited brute force attacks such as:
- Testing to see if a list of users with a common password exists in the target domain
- Identifying if a domain user is a local administrator against machines in the target domain
skawa-mbp:automato $ ruby automato.rb Written by: Sanjiv Kawa Twitter: @skawasec Usage: ruby automato.rb [options] Main Arguments: -d, --domain DOMAIN The target domain. -u, --username USERNAME A domain user account name. -p, --password PASSWORD The password for the corresponding domain user account. -i, --ip DC_IP The IP address of a domain controller with RPC and LDAP listening. Options: -a, --all Run a bulk of automato's features. Enumerate all domain groups, administrators, computers and user account attributes. -c, --domain-users Get all domain users in the domain. -g, --groups Get all domain groups for the domain. -m, --member GROUP List all users in a specified domain group. Make sure you escape spaces with a backslash! -t, --attributes Get the domain account attributes for all domain users. -b, --bad Get the bad password count for all domain users. -z, --du-hunter USER_FILE Brute force a list of common usernames with a common password against the target domain. -l, --la-hunter IP_FILE Test if a domain user is a local admin against a list of IP addresses with SMB listening in the target domain.