Finding Weak Passwords in AD

This page summarizes the projects mentioned and recommended in the original post on /r/Netwrix.

  • SecLists

    SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  • Now the attacker knows that in this environment, they have 9 guesses at each user’s password without triggering a lockout. They can also see that the minimum password length is 5 characters and password complexity is enabled; this information can be used to craft a custom dictionary of candidate passwords without wasting guesses on passwords that would have been rejected by the policy. (Alternatively, they can use one of multiple password lists created using password dumps from data breaches, which are also readily available on GitHub.)

  • DSInternals

    Directory Services Internals (DSInternals) PowerShell Module and Framework

  • To find out, you can use the DSInternals command Test-PasswordQuality. It will extract the password hashes for all your user accounts and compare them against the password hashes for a dictionary of weak passwords.
