ADRecon Active Directory Recon

Active directory environment may help to control access and track permissions for each user according to predefined profile and groups. There are many tools can be used to audit AD and provide a picture if there are vulnerabilities or security issues. If you are looking to have more visibility for the configuration and settings you can use ADRecon.

ADRecon provides a holistic picture of the current state of AD environment. This tool can be used by Bleu Team, Purple Team, Red Team, System Administrators or just security professional to extract and combines various   artefacts out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis.

The tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It can also be an invaluable post-exploitation tool for a penetration tester.

ADRecon report sample

ADRecon report sample

The following modules included with the tool:

  • Forest
  • Domain
  • Trusts
  • Sites
  • Subnets
  • Default Password Policy
  • Fine Grained Password Policy (if implemented)
  • Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles
  • Users and their attributes
  • Service Principal Names (SPNs)
  • Groups and memberships
  • Organizational Units (OUs)
  • ACLs for the Domain, OUs, Root Containers and GroupPolicy objects
  • Group Policy Object details
  • DNS Zones and Records
  • Printers
  • Computers and their attributes
  • LAPS passwords (if implemented)
  • BitLocker Recovery Keys (if implemented) 
  • GPOReport (requires RSAT).

You can download the latest release over here:

Notify of
Inline Feedbacks
View all comments