Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File ldap-search

Script types: portrule
Categories: discovery, safe
Download: http://nmap.org/svn/scripts/ldap-search.nse

User Summary

Attempts to perform an LDAP search and returns all matches.

If no username and password is supplied to the script the Nmap registry is consulted. If the ldap-brute script has been selected and it found a valid account, this account will be used. If not anonymous bind will be used as a last attempt.

Script Arguments

ldap.searchattrib

When used with the 'custom' qfilter, this parameter works in conjunction with ldap.searchvalue to allow the user to specify a custom attribute and value as search criteria.

ldap.maxobjects

If set, overrides the number of objects returned by the script (default 20). The value -1 removes the limit completely.

ldap.qfilter

If set, specifies a quick filter. The library does not support parsing real LDAP filters. The following values are valid for the filter parameter: computer, users, ad_dcs, custom or all. If no value is specified it defaults to all.

ldap.attrib

If set, the search will include only the attributes specified. For a single attribute a string value can be used, if multiple attributes need to be supplied a table should be used instead.

ldap.searchvalue

When used with the 'custom' qfilter, this parameter works in conjunction with ldap.searchattrib to allow the user to specify a custom attribute and value as search criteria. This parameter DOES PERMIT the use of the asterisk '*' as a wildcard.

ldap.password

If set, used together with the username to authenticate to the LDAP server

ldap.savesearch

If set, the script will save the output to a file beginning with the specified path and name. The file suffix of .CSV as well as the hostname and port will automatically be added based on the output type selected.

ldap.username

If set, the script will attempt to perform an LDAP bind using the username and password

ldap.base

If set, the script will use it as a base for the search. By default the defaultNamingContext is retrieved and used. If no defaultNamingContext is available the script iterates over the available namingContexts

unittest.run

See the documentation for the unittest library.

Example Usage

nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldaptest,cn=users,dc=cqure,dc=net",ldap.password=ldaptest,
ldap.qfilter=users,ldap.attrib=sAMAccountName' <host>

nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldaptest,cn=users,dc=cqure,dc=net",ldap.password=ldaptest,
ldap.qfilter=custom,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' <host>

Script Output

PORT    STATE SERVICE REASON
389/tcp open  ldap    syn-ack
| ldap-search:
|   DC=cqure,DC=net
|     dn: CN=Administrator,CN=Users,DC=cqure,DC=net
|         sAMAccountName: Administrator
|     dn: CN=Guest,CN=Users,DC=cqure,DC=net
|         sAMAccountName: Guest
|     dn: CN=SUPPORT_388945a0,CN=Users,DC=cqure,DC=net
|         sAMAccountName: SUPPORT_388945a0
|     dn: CN=EDUSRV011,OU=Domain Controllers,DC=cqure,DC=net
|         sAMAccountName: EDUSRV011$
|     dn: CN=krbtgt,CN=Users,DC=cqure,DC=net
|         sAMAccountName: krbtgt
|     dn: CN=Patrik Karlsson,CN=Users,DC=cqure,DC=net
|         sAMAccountName: patrik
|     dn: CN=VMABUSEXP008,CN=Computers,DC=cqure,DC=net
|         sAMAccountName: VMABUSEXP008$
|     dn: CN=ldaptest,CN=Users,DC=cqure,DC=net
|_        sAMAccountName: ldaptest


PORT    STATE SERVICE REASON
389/tcp open  ldap    syn-ack
| ldap-search:
|   Context: DC=cqure,DC=net; QFilter: custom; Attributes: operatingSystem,whencreated,OperatingSystemServicePack
|     dn: CN=USDC01,OU=Domain Controllers,DC=cqure,DC=net
|         whenCreated: 2010/08/27 17:30:16 UTC
|         operatingSystem: Windows Server 2008 R2 Datacenter
|         operatingSystemServicePack: Service Pack 1
|     dn: CN=TESTBOX,OU=Test Servers,DC=cqure,DC=net
|         whenCreated: 2010/09/04 00:33:02 UTC
|         operatingSystem: Windows Server 2008 R2 Standard
|_        operatingSystemServicePack: Service Pack 1

Requires


Author: Patrik Karlsson

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]