termanix
Contributor

On the LDAP side, having the modules for Scan and Check together provides a more organized and tidy view. There is no congestion in the list on the left.

If it's okay @NeffIsBack I will remove some get-user-descriptions.md, get-network.md etc.

They will all be gathered in one place, like scan-for-vulnerabilities.md in SMB.

@NeffIsBack
Member

Hi,
not sure about this one. These are all not "vulnerabilities", but rather misconfigurations. Also most of them are already documented, e.g. maq or extract subnets.
We should probably just group them similar to the SMB section into enumeration/obtaining credentials and other categories that fit well.

@Marshall-Hallenbeck
Contributor

> Hi, not sure about this one. These are all not "vulnerabilities", but rather misconfigurations. Also most of them are already documented, e.g. maq or extract subnets. We should probably just group them similar to the SMB section into enumeration/obtaining credentials and other categories that fit well

Misconfigurations are vulnerabilities, but I agree that if they're already documented, maybe we should just have a "top level" page that links to each module with a quick snippet about what it does? Similar to if you do -L to list modules, it'll make it easier to find what you're looking for.

We could also have a "low hanging fruit" or "common issues" to outline some easy wins people can run right away, which is what this PR seems to be trying to do.

@NeffIsBack
Member

> > Hi, not sure about this one. These are all not "vulnerabilities", but rather misconfigurations. Also most of them are already documented, e.g. maq or extract subnets. We should probably just group them similar to the SMB section into enumeration/obtaining credentials and other categories that fit well

> Misconfigurations are vulnerabilities,

Well, that depends on how you define a "vulnerability". A misconfiguration for me is when you e.g. assign dcsync privs to a low priv user. A vulnerability is when you find Zerologon or EternalBlue on a vulnerable host.

> but I agree that if they're already documented, maybe we should just have a "top level" page that links to each module with a quick snippet about what it does? Similar to if you do -L to list modules, it'll make it easier to find what you're looking for.

Yeah, that's what I meant with "grouping by the categories Enumeration and Obtaining Credentials", just like we have it in the SMB protocol. That way we have a similar structure for both protocols.
