adPEAS is a Powershell tool to automate Active Directory enumeration. In fact, adPEAS is like a wrapper for different other cool projects like
As said, adPEAS is a wrapper for other tools. They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code.
adPEAS-Light is a version without Bloodhound and vulnerability checks and it is more likely that it will not blocked by an AV solution.
adPEAS can be run simply by starting the script via ‘invoke-adPEAS’ if it is started on a domain joined computer. If the system you are running adPEAS from is not domain joined or you want to enumerate another domain, use a certain domain controller to connect to, use different credentials or just to enumerate for credential exposure only, you can do it by using defined parameters.
adPEAS consists of the following enumeration modules:
.zip file from Github.com.
Import-Module .\adPEAS.ps1 Invoke-adPEAS -Domain 'contoso.com' | Out-File output.txt
Check the Github repo.
PS > Invoke-adPEAS -Domain 'contoso.com' | Out-File output.txt adPEAS version 0.7.9 Checking Domain - Details for Domain 'offsec.nl': Domain Name : offsec.nl Domain SID : S-1-5-21-3509477529-2169914037-1395257886 Domain Functional Level : Windows 2016 Forest Name : offsec.nl Forest Children : No Subdomain[s] available Domain Controller : SRV2019.offsec.nl SRV2022.offsec.nl Checking Password Policy - Details for Domain 'offsec.nl': Minimum Password Age : 1 days Maximum Password Age : 42 days Minimum Password Length : 7 character Password Complexity : Enabled Lockout Account : Disabled Reversible Encryption : Disabled Checking Kerberos Policy - Details for Domain 'offsec.nl': Maximum Age of TGT : 10 hours Maximum Age of TGS : 600 minutes Maximum Clock Time Difference : 5 minutes Krbtgt Password Last Set : 2/5/2022 9:36:56 AM Checking Domain Controller - Details for Domain 'offsec.nl': DC Host Name : SRV2019.offsec.nl DC IP Address : 10.20.30.10 Site Name : Default-First-Site-Name Domain : offsec.nl [...]