parse_ntds.py is a Python script designed to parse an NTDS.dit file and export its content into CSV files. This tool provides a comprehensive way to extract and analyze data from NTDS files.
Before using the script, ensure you have all the necessary dependencies installed. You can install them using pip:
cd scripts/
pip install -r requirements.txtTo display the help message and see all available options, run:
python parse_ntds.py -h-
-h, --help
Show the help message and exit. -
-f NTDS_FILE, --file NTDS_FILE
Required: Path to thentds.ditfile. -
-s SYSTEM_FILE, --system SYSTEM_FILE
Required: Path to theSYSTEMhive file. -
-d DOMAIN, --domain DOMAIN
Domain name. -
-o OUTPUT_DIR, --output OUTPUT_DIR
Output directory. Default is the current directory. -
-v, --verbose
Increase output verbosity to DEBUG level. -
--dump-all
Dump all data except ACL (default). -
--dump-users
Dump user data. -
--dump-groups
Dump group data. -
--dump-trusts
Dump trust data. -
--dump-domains
Dump domain data. -
--dump-ou
Dump OU/container data. -
--dump-acl
Dump ACL data (required -d option).
To parse an NTDS.dit file and export all data to CSV files in the current directory with verbose output:
python parse_ntds.py -f /path/to/ntds.dit -s /path/to/SYSTEM -v --dump-allTo dump only user and group data:
python parse_ntds.py -f /path/to/ntds.dit -s /path/to/SYSTEM --dump-users --dump-groupsTo dump all with ACL:
python parse_ntds.py -f /path/to/ntds.dit -s /path/to/SYSTEM --dump-acl -d <domain_name>This script was presented at the Troopers conference 2024. For more information about the conference, visit Troopers 2024.
Feel free to contribute to this project by submitting issues or pull requests. Your feedback and contributions are highly appreciated.