CrackMapExec – Tool for pentesting Windows/Active Directory

Corporate network is becoming more and more relying on active directory where system administrator define roles and groups for users. This is important for accountability and auditing beside admin will have a better and simpler system administration. If you are looking to run a pentest on Active directory environment you can use CrackMapExec.

CrackMapExec tool allows to enumerate logged on users and spidering SMB shares including folders files and directories. some of the enumeration options is to check UAC status, enumerate disks, enumerate users, dump password policy and bruteforcing RID’s.



The tool also integrates mimikatz for credential gathering and dump the NTDS.dit from targeted domain controller. CrackMapExec is a Python script based and uses only native WinAPI calls for discovering sessions, users, dumping SAM hashes.

You can add it to Kali distribution or use it separately and you can download the tool over this link:

Notify of
Inline Feedbacks
View all comments