BTA is an open-source Active Directory security audit framework. Its goal is to help auditors harvest the information they need to answer such questions as:

• Who has rights over a given object (computer, user account, etc.) ?
• Who can read a given mailbox ?
• Which are the accounts with domain admin rights ?
• Who has extended rights (userForceChangePassword, SendAs, etc.) ?
• What are the changes done on an AD between two points in time ?

The framework is made of

• an importer able to translate a ntds.dit file, containing all the AD data, into a database
• tools to query the database
  • AD miner framework
  • AD diff utility
  • small utilities (list of databases, etc.)

The comprehensive set of attributes are imported and can be quarried including all schema extensions (Exchange, Sharepoint, etc.).

BTA – Active Directory security audit framework

If you are using Active Directory on your network it will be important to scan/fix vulnerabilities on going and make configuration check using BTA to report any misconfguration on the system.

You can read more and download BTA here: https://github.com/airbus-seclab/