feat: improve ADCS and share enumeration logic and enhance certipy parser deduplication #278
Merged
**Added:**
- Introduced `host_domain_from_fqdn` helper to extract AD domain from host FQDNs
- Added unit tests for `host_domain_from_fqdn` covering normal, subdomain, and edge cases

**Changed:**
- Refined credential selection logic to prefer credentials matching each host's AD domain, falling back to a global credential if no match is found
- Built a per-domain credential index, skipping delegation and quarantined accounts to avoid unnecessary authentication attempts
- Updated share enumeration to pair each host IP with the best available credential based on domain matching
- Improved documentation for credential selection and enumeration process in `auto_share_enumeration`
… templates

**Added:**
- Implemented `slugify_template` function to normalize certificate template names for vuln_id uniqueness
- Added tests to ensure vuln_id includes template name and to verify slugification logic

**Changed:**
- Updated vuln_id generation in `parse_certipy_find` to append slugified template name when present, preventing different vulnerable templates of the same ESC type on the same CA from collapsing into one dedup entry
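The collision that the template suffix in `vuln_id` prevents, shown as an added Rust example that is not the project's code. The `Finding` struct, the id layout and the slug rule are assumptions, and the findings are constructed.

```rust
use std::collections::BTreeSet;

/// Constructed finding; field names are assumptions, not the project's types.
struct Finding<'a> {
    ca: &'a str,
    esc: &'a str,
    template: Option<&'a str>,
}

/// Hypothetical slug rule: lowercase ASCII alphanumerics, other runs become one '-'.
fn slugify_template(name: &str) -> String {
    let mut slug = String::new();
    for c in name.chars() {
        if c.is_ascii_alphanumeric() {
            slug.push(c.to_ascii_lowercase());
        } else if !slug.is_empty() && !slug.ends_with('-') {
            slug.push('-');
        }
    }
    slug.trim_end_matches('-').to_string()
}

/// Assumed id layout: "<esc>-<ca slug>", plus "-<template slug>" when enabled and present.
fn vuln_id(f: &Finding, with_template: bool) -> String {
    let mut id = format!("{}-{}", f.esc.to_ascii_lowercase(), slugify_template(f.ca));
    if let (true, Some(t)) = (with_template, f.template.map(slugify_template)) {
        id = format!("{}-{}", id, t);
    }
    id
}

/// Number of findings that survive deduplication by vuln_id.
fn dedup_count(findings: &[Finding], with_template: bool) -> usize {
    findings.iter().map(|f| vuln_id(f, with_template)).collect::<BTreeSet<_>>().len()
}

/// Constructed sample: two ESC1 templates on one CA, one of them reported twice.
fn sample() -> Vec<Finding<'static>> {
    vec![
        Finding { ca: "CORP-CA", esc: "ESC1", template: Some("User Auth V2") },
        Finding { ca: "CORP-CA", esc: "ESC1", template: Some("WebServer_Legacy") },
        Finding { ca: "CORP-CA", esc: "ESC1", template: Some("user auth v2") },
        Finding { ca: "CORP-CA", esc: "ESC8", template: None },
    ]
}

fn main() {
    println!("old key: {}, new key: {}", dedup_count(&sample(), false), dedup_count(&sample(), true));
}
```

Keyed without the template, the two distinct ESC1 templates merge into one entry; with the slug appended they stay separate while the case-variant duplicate still collapses.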
…share is missing

**Added:**
- Added `host_has_ldap` function to detect LDAP services on hosts
- Enabled ADCS enumeration for LDAP-open hosts without CertEnroll share in `collect_adcs_work`
- Added unit tests to validate LDAP-fallback logic and prevent duplicate work items

**Changed:**
- Refactored `collect_adcs_work` to use LDAP service detection and avoid duplicate work items for hosts with both CertEnroll share and LDAP
- Updated filtering and deduplication logic to generalize over both CertEnroll and LDAP-fallback host candidates
- Improved test coverage to ensure correct handling of various host service scenarios
Codecov Report

❌ Patch coverage is

Additional details and impacted files

```diff
@@ Coverage Diff @@
## feat/more-attack-cov #278 +/- ##
========================================================
+ Coverage 76.07% 76.09% +0.02%
========================================================
Files 432 432
Lines 111949 112106 +157
========================================================
+ Hits 85169 85311 +142
- Misses 26780 26795 +15
```
**Changed:**
- Remove unnecessary `into_iter()` calls when chaining vectors in `check_domain_arg` to streamline domain collection logic in `domain_validator.rs`
Key Changes:

Added:
- `slugify_template` function in the certipy parser to normalize template names for vuln_id generation

Changed:

Removed: