1x0DF0/enumpath

EnumPath - Windows Domain Enumeration Tool (v3.0)

EnumPath is a fast, modular Windows domain enumeration framework designed for red team operations and authorized penetration testing. It automatically discovers domain information and enumerates users, shares, services, and privileges, and it checks for Kerberos attack exposure, ADCS vulnerabilities, delegation abuse paths, and more, using the best available tools on your system (CrackMapExec, NetExec, Impacket, Certipy, rpcclient, etc.).

The tool works with or without credentials and adapts to whichever tools are installed.

Features

  • Automatic tool detection and fallback methods
  • SMB, LDAP, Kerberos, WinRM, RDP, and service enumeration
  • Deep share crawling with high-value file detection (passwords, configs, certs, GPP, etc.)
  • Kerberoasting, AS-REP roasting, delegation abuse (unconstrained, constrained, RBCD)
  • ADCS certificate template enumeration (ESC1–ESC8 detection)
  • Authentication coercion vector testing
  • LAPS password read checks
  • Privilege escalation path discovery (machine quota, GPO abuse, DCSync rights, etc.)
  • BloodHound collection (optional)
  • Comprehensive JSON reporting + executive summary + remediation report
  • Ready-to-use attack command generation

Requirements

  • Python 3.8+
  • Common tools installed (recommended):
    • crackmapexec or netexec
    • impacket suite
    • certipy
    • bloodhound-python (for BloodHound collection)
    • smbmap, smbclient, rpcclient, ldapsearch, nmap
  • Run from a Linux/Kali environment for best results

Installation

No pip package needed — just clone and run:

git clone https://github.com/1x0DF0/EnumPath.git
cd EnumPath
# (Optional) Create a virtual environment
python3 -m venv venv && source venv/bin/activate

Install the most common dependencies (optional, tool will warn if missing):

pip install impacket certipy-ad colorama
# Then install your preferred CME fork:
# pip install crackmapexec or netexec

Basic Usage

# Anonymous enumeration
python3 enumpath.py -t 10.10.10.100

# With credentials
python3 enumpath.py -t 10.10.10.100 -u john -p Password123

# Deep enumeration (slower, more thorough)
python3 enumpath.py -t 10.10.10.100 -u john -p Password123 --deep

# Run only specific modules
python3 enumpath.py -t 10.10.10.100 -u john -p Password123 --modules adcs,kerberos,delegation

# Aggressive mode with auto-exploitation attempts
python3 enumpath.py -t 10.10.10.100 -u john -p Password123 --attack-mode aggressive --auto-exploit

Output

All results are saved to a timestamped folder like enumpath_10.10.10.100_20251127_143022/ containing:

  • report.json – Full structured results
  • executive_summary.json – High-level findings
  • remediation_report.json – Recommended fixes
  • attack_paths.txt – Clear attack vectors found
  • commands/ – Ready-to-run exploit commands
  • loot/ – Hashes, credentials, downloaded files, BloodHound ZIPs, etc.
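Because loot/ and commands/ hold hashes, credentials and downloaded files, each result folder should be readable only by the operator's account. The script below is an added example, not part of EnumPath: it assumes a POSIX filesystem, and its function names and the sample file names (hashes.txt, run.sh) are hypothetical.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Folder naming taken from the README example: enumpath_<target>_<YYYYMMDD>_<HHMMSS>
RESULT_DIR_RE = re.compile(r"^enumpath_.+_\d{8}_\d{6}$")

def find_result_dirs(base):
    """Return result folders directly under base that match the naming pattern."""
    return sorted(p for p in Path(base).iterdir()
                  if p.is_dir() and not p.is_symlink() and RESULT_DIR_RE.match(p.name))

def lock_down(result_dir):
    """Remove group/other access from a result tree; return the paths that had it."""
    root = Path(result_dir)
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        paths += [Path(dirpath, name) for name in dirnames + filenames]
    too_open = []
    for path in paths:
        if path.is_symlink():
            continue  # never chmod through a link that arrived with downloaded files
        if stat.S_IMODE(path.lstat().st_mode) & 0o077:
            too_open.append(path.relative_to(root).as_posix())
        # Directories keep owner execute so they stay traversable; files lose it.
        os.chmod(path, 0o700 if path.is_dir() else 0o600)
    return sorted(too_open)

def build_sample(base):
    """Constructed sample tree (not real tool output) with typical default modes."""
    root = Path(base, "enumpath_10.10.10.100_20251127_143022")
    (root / "loot").mkdir(parents=True)
    (root / "commands").mkdir()
    for rel, mode in [("report.json", 0o600), ("loot/hashes.txt", 0o644),
                      ("commands/run.sh", 0o755)]:
        (root / rel).write_text("constructed placeholder\n")
        os.chmod(root / rel, mode)
    for folder in (root, root / "loot", root / "commands"):
        os.chmod(folder, 0o755)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for result in find_result_dirs(tmp):
            print(result.name, "had group/other access on:", lock_down(result))
```

Generated scripts under commands/ lose their execute bit as a side effect, so each one has to be run through an interpreter explicitly.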

Disclaimer

This tool is for authorized security testing and educational purposes only.
Scanning or attacking systems without explicit permission is illegal.
The author is not responsible for misuse or damage.

License

MIT License (see LICENSE file when available)

Happy hunting (and stay legal)!

About

A Windows SMB enumeration tool
