pywerview v0.3.3

Features

• get-objectacl: can be used to list ACL on a domain object
• get-netpso: lists Password Settings Objects (fine-grained password policies)

Modifications

• ADObject was simplified, both in its management by the code and its pretty-printing.
• Usage of formatters combined with ldap3 to better manage custom types in LDAP attributes.

pywerview v0.3.2

Bug fix

• TLS fallback is properly handled
• StringsIO changed to BytesIO in GPO parsing functions

Modifications

• Requirements were simplified: only impacket, bs4, and lxml are needed

pywerview v0.3.1

Bug fix

• Calls to close() were changed to unbind() (due to the change of LDAP library)
• Better handling of timestamp attributes for 32 bit systems
• Fixed get-netgroup when group names have parenthesis (this will have to be done for other functions, and maybe at another place of the code)
• Fixed get-netfileserver when file server attributes are absent

pywerview v0.3.0

Rewriting

• LDAP interrogation is now done with the ldap3 library instead of impacket, since ldap3 is a "perfect" implementation of LDAP RFCs.

Features

• 🎉 Python 3 support 🎉, thanks a lot for @mpgn and @ThePirateWhoSmellsOfSunflowers for their work on this!
• Custom --attributes for certain get-* functions, thanks to @99red!

Bug fix

• get-netsite is functioning again.

pywerview v0.2.0

Bug fix

• User hunting:
  • The hunting function now recurses on the target group, in order to get
    every target user
  • The hunting function throws an exception if no target computers are found
    to hunt against
  • There's a fix on the foreign user hunting
• We now try to pretty-print AD objects (encoding of binary attributes, better
  printing of lists, truncation of too long attributs, etc.). This is still
  an ongoing work.
• We separate the creation of WMI connections and RPC connections (you can
  create an RPC connection with an unprivileged user, but not a WMI connection)
• We try to manage RPC objects' attributes' encoding in a better way (see #21)
• get-netgroup now recursively lists every group the queried user is member of

Features

• get-netprocess: interrogates a computer to get a list of running processes
  (necessitates admin privileges)
• invoke-processhunter: searches machines for specific running processes
• get-userevent: interrogates a computer to get a list of user events (logon,
  Kerberos TGT) (necessitates admin privileges). NB: very slow for now, since
  we can only query events one by one using WMI.
• invoke-eventhunter: searches machines for specific user events
• get-gpttmpl: parses a GptTmpl.inf policy file
• get-domainpolicy: get the default domain or DC policy
• get-netgpogroup: finds every GPO in the domain that set Restricted Groups
  or Groups.xml
• find-gpocomputeradmin: finds every GPO-defined admins on a particular
  machine or OU
• find-gpolocation: finds every machines a user has administrative access to
  via GPO

pywerview v0.1.1

Bug fix

• Fixed get-netgroupmember when used with wildcards
• Removed some legacy code which caused import problems
• Fixed the use case where workgroup is empty
• Fixed PTH authentication

Features

• You can now just pass the NTLM hash to --hashes. The LM hash will be automatically set to the empty LM hash

pywerview v0.1.0

Features

• Net* functions:
  • get-adobject, get-netuser
  • get-netgroup, get-netcomputer
  • get-netdomaincontroller, get-netfileserver
  • get-dfsshare, get-netou
  • get-netsite, get-netsubnet
  • get-netgroupmember, get-netsession
  • get-localdisks, get-netdomain
  • get-netshare, get-netloggedon
  • get-netlocalgroup
• GPO function get-netgpo
• Misc function invoke-checklocaladminaccess
• Hunting function invoke-userhunter