ldap

package
v0.0.192 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (

	// DefaultSearchSizeLimit is the SEARCH entry cap applied when the caller does
	// not specify one. It is also the documented default for the CLI
	// `--search-size-limit` flag so the two stay in sync.
	DefaultSearchSizeLimit = 100
)

Variables

This section is empty.

Functions

func AuthenticateUser

func AuthenticateUser(ctx context.Context, target *Target, username, password string, timeout int) (bool, string, error)

AuthenticateUser attempts to authenticate a single user with a password against LDAP

func AuthenticateUserKeepConnection added in v0.0.76

func AuthenticateUserKeepConnection(ctx context.Context, target *Target, username, password string, timeout int) (bool, string, *ldap.Conn, error)

AuthenticateUserKeepConnection performs LDAP authentication and keeps the connection open on success

func AuthenticateUserWithHash added in v0.0.61

func AuthenticateUserWithHash(ctx context.Context, target *Target, username, ntlmHash string, timeout int) (bool, string, error)

AuthenticateUserWithHash attempts to authenticate a single user with NTLM hash against LDAP

func EnumerateUsers

func EnumerateUsers(ctx context.Context, target *Target, usernames []string, timeout int) ([]string, []string, error)

EnumerateUsers performs username enumeration against LDAP. Returns a list of valid usernames found in the directory.

func PerformAuthenticationWithContext added in v0.0.61

func PerformAuthenticationWithContext(ctx context.Context, target string, config *ldapfern.PentestLdapConfig) (*pentestfern.AuthResult, error)

PerformAuthenticationWithContext performs LDAP authentication attempts with context

func PerformAuthenticationWithContextAndConnection added in v0.0.76

func PerformAuthenticationWithContextAndConnection(ctx context.Context, target string, config *ldapfern.PentestLdapConfig) (*pentestfern.AuthResult, *ldap.Conn, error)

PerformAuthenticationWithContextAndConnection performs LDAP authentication attempts and returns authenticated connection

func PerformProbe added in v0.0.61

func PerformProbe(ctx context.Context, target string, config *ldapfern.PentestLdapConfig) (*ldapfern.ProbeResult, error)

PerformProbe performs LDAP server information gathering without authentication

func RunPentest added in v0.0.154

RunPentest performs LDAP pentest operations using a 3-stage phased approach

func SprayPasswords

func SprayPasswords(ctx context.Context, target *Target, usernames []string, password string, timeout int, delayMs int) (map[string]bool, []string, error)

SprayPasswords performs password spraying against multiple users

func SprayPasswordsWithHash added in v0.0.61

func SprayPasswordsWithHash(ctx context.Context, target *Target, usernames []string, ntlmHash string, timeout int, delayMs int) (map[string]bool, []string, error)

SprayPasswordsWithHash performs pass-the-hash spraying against multiple users using NTLM hash

func TestConnection

func TestConnection(ctx context.Context, target *Target, timeout int) error

TestConnection tests connectivity to the LDAP service

Types

type LibraryPentestLdap added in v0.0.54

type LibraryPentestLdap struct{}

func (*LibraryPentestLdap) DomainDump added in v0.0.54

func (*LibraryPentestLdap) DomainDumpWithAuth added in v0.0.76

func (l *LibraryPentestLdap) DomainDumpWithAuth(ctx context.Context, conn *ldap.Conn, baseDN string, config ldapfern.PentestLdapConfig) (*ldapfern.DomainDumpResult, []string)

DomainDumpWithAuth performs a domain dump using an authenticated LDAP connection. This is called from the engine's executeLDAPActionsWithAuth to avoid re-authentication.

func (*LibraryPentestLdap) PentestLdap added in v0.0.54

PentestLdap performs LDAP penetration testing based on the provided configuration

func (*LibraryPentestLdap) SearchWithAuth added in v0.0.188

func (l *LibraryPentestLdap) SearchWithAuth(ctx context.Context, conn *ldap.Conn, baseDN string, config ldapfern.PentestLdapConfig) (*ldapfern.SearchResult, []string)

SearchWithAuth performs an arbitrary authenticated LDAP search over an existing authenticated connection. Base DN, filter, scope, attributes and size limit are taken from the search config, falling back to the discovered base DN and a permissive default filter when unset.

type StealthContext added in v0.0.69

type StealthContext struct {
	QueryCount     int
	MaxQueries     int
	SleepPtr       *int
	JitterPtr      *int
	MinimalQueries bool
	Logger         svc1log.Logger
}

StealthContext tracks stealth parameters and query count

func (*StealthContext) IncrementQuery added in v0.0.69

func (sc *StealthContext) IncrementQuery()

IncrementQuery increments query count and applies stealth delay

func (*StealthContext) ShouldContinue added in v0.0.69

func (sc *StealthContext) ShouldContinue() bool

ShouldContinue checks if more queries are allowed

type Target

type Target struct {
	Host   string
	Port   int
	BaseDN string
	Domain string
	UseSSL bool
	UseTLS bool
}

Target represents an LDAP server target

func ParseTarget

func ParseTarget(target string) (*Target, error)

ParseTarget parses a target string into a Target. Supported formats: host:port, host. Port 636 enables SSL (LDAPS); port 389 uses plain LDAP.
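The port-to-transport rule described above, as an added example that is not the package's own code: `parseTargetSketch`, `target` and `cleartext` are hypothetical names. Defaulting a bare host to port 389 and treating ports other than 636 as plain LDAP are assumptions, since the page does not state either.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// target is a hypothetical subset of the documented Target struct.
type target struct {
	Host   string
	Port   int
	UseSSL bool
}

// parseTargetSketch is an illustrative stand-in, not the package's ParseTarget.
// Assumption: a bare host defaults to port 389 (the page does not state a default).
func parseTargetSketch(s string) (*target, error) {
	s = strings.TrimSpace(s)
	host, portStr, err := net.SplitHostPort(s)
	if err != nil {
		// No port given: accept a hostname or a bare IPv6 literal, nothing else.
		bare := strings.Trim(s, "[]")
		if strings.Contains(bare, ":") && net.ParseIP(bare) == nil {
			return nil, fmt.Errorf("invalid target %q: %v", s, err)
		}
		host, portStr = bare, "389"
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return nil, fmt.Errorf("invalid port %q in target %q", portStr, s)
	}
	if host == "" {
		return nil, fmt.Errorf("missing host in target %q", s)
	}
	// Documented rule: 636 means LDAPS. Other ports are treated as plain LDAP (assumption).
	return &target{Host: host, Port: port, UseSSL: port == 636}, nil
}

// cleartext: true when the session starts unencrypted, so a simple bind would expose the password.
func cleartext(t *target) bool { return !t.UseSSL }

func main() {
	for _, in := range []string{"dc01.example.test", "[2001:db8::10]:636", "dc01:ldap"} { // constructed inputs
		t, err := parseTargetSketch(in)
		fmt.Println(in, t, err)
	}
}
```

A port other than 636 leaves `UseSSL` false, so any caller passing credentials over such a target should check whether the session is upgraded (the documented `Target` struct carries a separate `UseTLS` field) before binding.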
