
AUTOMATED ACTIVE DIRECTORY ENUMERATION

Archana S, Harish Kumar N, Keerthi Raghavan K, Liyander Rishwanth L

Abstract


Active Directory remains a critical infrastructure component in enterprise environments, yet its comprehensive security assessment often requires multiple disparate tools and frameworks. This paper presents an automated Active Directory enumeration tool designed to streamline security assessments and penetration testing operations. Our lightweight, modular Python-based utility leverages the impacket library to conduct native reconnaissance across multiple attack vectors including SMB, LDAP, WinRM, MSSQL, FTP, ADCS, and SSH protocols. The tool supports multiple authentication mechanisms including credentialed access, pass-the-hash authentication, and null session enumeration, enabling comprehensive domain reconnaissance from various privilege levels. Key capabilities include domain password policy extraction, user and computer enumeration, LDAP-based privilege attribute analysis, Active Directory Certificate Services vulnerability detection, and automated multi-threaded port scanning with service identification. Our implementation demonstrates reduced assessment overhead compared to larger frameworks while maintaining granular control and cross-platform compatibility. Evaluation against standard enterprise AD configurations shows significant improvements in enumeration efficiency and coverage of common misconfigurations. This tool addresses the critical need for lightweight, modular reconnaissance utilities in modern security operations and red team engagements.



