ldapdomaindump

0.10.0 · active · verified Sun Apr 12

ldapdomaindump is a Python tool designed for Active Directory information dumping via LDAP. It collects and parses information from an Active Directory domain, outputting it in human-readable HTML, as well as machine-readable JSON and greppable formats. The current version is 0.10.0. Release cadence appears sporadic but the project is actively maintained.

Warnings

gotcha For large Active Directory networks, dumping all default attributes can consume significant memory. Use the `--minimal` switch to reduce memory usage by querying only essential attributes.
Fix: Run `ldapdomaindump` with the `--minimal` flag: `ldapdomaindump --minimal -u user -p pass hostname`.
breaking Older versions (prior to v0.9.0) might have had limited Python 2 compatibility, but current versions (>=0.9.0, and specifically >=0.10.0) officially require Python 3.6 or greater. Running on Python 2 will result in errors.
Fix: Ensure you are running `ldapdomaindump` with Python 3.6+.
gotcha ldapdomaindump requires valid LDAP bind credentials (username and password or NTLM hash) to perform queries. Anonymous binds typically yield very limited information. The username usually needs to be in `DOMAIN\username` format.
Fix: Provide valid domain credentials with appropriate permissions using the `-u` and `-p` flags. Ensure username format is correct (e.g., `DOMAIN\user`).
breaking The `pyproject.toml` explicitly excludes `ldap3` versions `2.5.0`, `2.5.2`, and `2.6`. Using these specific `ldap3` versions may lead to unexpected errors or silent failures.
Fix: Ensure `ldap3` is not one of the explicitly excluded versions. `pip install --upgrade ldap3` will generally install a compatible version, or `pip install 'ldap3>=2.5,!=2.5.0,!=2.5.2,!=2.6'`.
gotcha The `ldd2bloodhound` utility, used for converting `ldapdomaindump` output to BloodHound compatible CSVs, is noted to only work reliably with BloodHound versions 4.0 and below. Newer BloodHound versions may require workarounds or fail to import correctly.
Fix: If using `ldd2bloodhound`, ensure your BloodHound version is 4.0 or below. A workaround might involve importing with an older BloodHound version and then opening with a newer one. Verify compatibility before critical use.
gotcha Historical issues have been reported where `ldapdomaindump` could fail silently due to uncaught exceptions, leading to incomplete or non-existent dumps without clear error messages. While some issues may have been resolved, it's prudent to always verify the output.
Fix: Always check the output directory for generated files and review the console for any warnings or errors after execution. If no files are generated or output is unexpectedly sparse, investigate connection or permission issues.

Install

pip install ldapdomaindump Install via pip

Imports

ldapdomaindump
```
ldapdomaindump -u 'DOMAIN\username' -p 'password' hostname
```
ldapdomaindump is primarily a command-line tool. Its core functionality is executed via the `ldapdomaindump` script installed to the PATH. Programmatic use would involve calling `ldapdomaindump.main`.
ldd2bloodhound
```
ldd2bloodhound -i <ldapdomaindump_output_dir> -o <bloodhound_output_dir>
```
Utility to convert ldapdomaindump JSON output to BloodHound CSV format. Executed via a command-line script.
ldd2pretty
```
ldd2pretty -d <ldapdomaindump_output_dir>
```
Utility to convert ldapdomaindump JSON output to a more readable enum4linux-like output. Executed via a command-line script.

Quickstart

This quickstart demonstrates how to run `ldapdomaindump` from Python as a command-line tool to dump Active Directory information. It uses environment variables for sensitive credentials and specifies an output directory. The primary output files will be in HTML, JSON, and greppable formats.

import os
import subprocess

LDAP_HOSTNAME = os.environ.get('LDAP_HOSTNAME', 'your_domain_controller.local')
LDAP_USERNAME = os.environ.get('LDAP_USERNAME', 'domain\\user') # Use double backslash for literal backslash
LDAP_PASSWORD = os.environ.get('LDAP_PASSWORD', 'YourPasswordHere')
OUTPUT_DIR = "./ldap_dump_output"

# Ensure output directory exists
os.makedirs(OUTPUT_DIR, exist_ok=True)

try:
    print(f"[*] Attempting to dump AD information from {LDAP_HOSTNAME}...")
    command = [
        "ldapdomaindump",
        "-u", LDAP_USERNAME,
        "-p", LDAP_PASSWORD,
        "-o", OUTPUT_DIR,
        LDAP_HOSTNAME
    ]
    
    result = subprocess.run(command, capture_output=True, text=True, check=True)
    print("[+] Command output:")
    print(result.stdout)
    if result.stderr:
        print("[!] Command error output:")
        print(result.stderr)
    print(f"[+] Active Directory dump saved to: {OUTPUT_DIR}")
    print("[+] Generated files: domain_users.html, domain_computers.json, etc.")
except subprocess.CalledProcessError as e:
    print(f"[X] Error during ldapdomaindump execution: {e}")
    print(f"[X] Stderr: {e.stderr}")
    print(f"[X] Stdout: {e.stdout}")
except FileNotFoundError:
    print("[X] Error: 'ldapdomaindump' command not found. Ensure the tool is installed and in your PATH.")
except Exception as e:
    print(f"[X] An unexpected error occurred: {e}")

view raw JSON →