Net functions (CLI mode)
the-useless-one edited this page Aug 24, 2016 · 2 revisions

usage: pywerview.py get-adobject [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                 [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                                 [--sid QUERIED_SID]
                                 [--sam-account-name QUERIED_SAM_ACCOUNT_NAME]
                                 [--name QUERIED_NAME] [-d QUERIED_DOMAIN]
                                 [-a ADS_PATH]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --sid QUERIED_SID     SID to query (wildcards accepted)
  --sam-account-name QUERIED_SAM_ACCOUNT_NAME
                        samAccountName to query (wildcards accepted)
  --name QUERIED_NAME   Name to query (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path

usage: pywerview.py get-netuser [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                                [--username QUERIED_USERNAME]
                                [-d QUERIED_DOMAIN] [-a ADS_PATH]
                                [--unconstrained] [--admin-count]
                                [--allow-delegation] [--spn]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --username QUERIED_USERNAME
                        Username to query (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --unconstrained       Query only users with unconstrained delegation
  --admin-count         Query only users with adminCount=1
  --allow-delegation    Return user accounts that are not marked as 'sensitive
                        and not allowed for delegation'
  --spn                 Query only users with not-null Service Principal Names

usage: pywerview.py get-netgroup [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                 [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                                 [--groupname QUERIED_GROUPNAME]
                                 [--sid QUERIED_SID]
                                 [--username QUERIED_USERNAME]
                                 [-d QUERIED_DOMAIN] [-a ADS_PATH]
                                 [--full-data] [--admin-count]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --groupname QUERIED_GROUPNAME
                        Group to query (wildcards accepted)
  --sid QUERIED_SID     Group SID to query
  --username QUERIED_USERNAME
                        Username to query: will list the groups this user is a
                        member of (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --full-data           If set, returns full information on the groups,
                        otherwise, just the samAccountName
  --admin-count         Query only users with adminCount=1

usage: pywerview.py get-netcomputer [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                    [--hashes LMHASH:NTHASH] -t
                                    DOMAIN_CONTROLLER
                                    [--computername QUERIED_COMPUTERNAME]
                                    [-os QUERIED_OS] [-sp QUERIED_SP]
                                    [-spn QUERIED_SPN] [-d QUERIED_DOMAIN]
                                    [-a ADS_PATH] [--printers]
                                    [--unconstrained] [--ping] [--full-data]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --computername QUERIED_COMPUTERNAME
                        Computer name to query
  -os QUERIED_OS, --operating-system QUERIED_OS
                        Return computers with a specific operating system
                        (wildcards accepted)
  -sp QUERIED_SP, --service-pack QUERIED_SP
                        Return computers with a specific service pack
                        (wildcards accepted)
  -spn QUERIED_SPN, --service-principal-name QUERIED_SPN
                        Return computers with a specific service principal
                        name (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --printers            Query only printers
  --unconstrained       Query only computers with unconstrained delegation
  --ping                Ping computers (will only return up computers)
  --full-data           If set, returns full information on the groups,
                        otherwise, just the dnsHostName

usage: pywerview.py get-netdomaincontroller [-h] [-w DOMAIN] -u USER
                                            [-p PASSWORD]
                                            [--hashes LMHASH:NTHASH] -t
                                            DOMAIN_CONTROLLER
                                            [-d QUERIED_DOMAIN]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query

usage: pywerview.py get-netfileserver [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                      [--hashes LMHASH:NTHASH] -t
                                      DOMAIN_CONTROLLER
                                      [--target-users TARGET_USER [TARGET_USER ...]]
                                      [-d QUERIED_DOMAIN]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --target-users TARGET_USER [TARGET_USER ...]
                        A list of users to target to find file servers
                        (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query

usage: pywerview.py get-dfsshare [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                 [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                                 [-d QUERIED_DOMAIN]
                                 [-v {v1,v2} [{v1,v2} ...]] [-a ADS_PATH]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -v {v1,v2} [{v1,v2} ...], --version {v1,v2} [{v1,v2} ...]
                        The version of DFS to query for servers: v1, v2 or all
                        (default: all)
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path

usage: pywerview.py get-netou [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                              [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                              [--ouname QUERIED_OUNAME] [--guid QUERIED_GUID]
                              [-d QUERIED_DOMAIN] [-a ADS_PATH] [--full-data]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --ouname QUERIED_OUNAME
                        OU name to query (wildcards accepted)
  --guid QUERIED_GUID   Only return OUs with the specified GUID in their
                        gplink property.
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --full-data           If set, returns full information on the OUs,
                        otherwise, just the adspath

usage: pywerview.py get-netsite [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                [--hashes LMHASH:NTHASH] -t DOMAIN_CONTROLLER
                                [--sitename QUERIED_SITENAME]
                                [--guid QUERIED_GUID] [-d QUERIED_DOMAIN]
                                [-a ADS_PATH] [--full-data]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --sitename QUERIED_SITENAME
                        Site name to query (wildcards accepted)
  --guid QUERIED_GUID   Only return sites with the specified GUID in their
                        gplink property.
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --full-data           If set, returns full information on the sites,
                        otherwise, just the name

usage: pywerview.py get-netsubnet [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                  [--hashes LMHASH:NTHASH] -t
                                  DOMAIN_CONTROLLER
                                  [--sitename QUERIED_SITENAME]
                                  [-d QUERIED_DOMAIN] [-a ADS_PATH]
                                  [--full-data]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --sitename QUERIED_SITENAME
                        Only return subnets for the specified site name
                        (wildcards accepted)
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  --full-data           If set, returns full information on the subnets,
                        otherwise, just the name

usage: pywerview.py get-netgroupmember [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                       [--hashes LMHASH:NTHASH] -t
                                       DOMAIN_CONTROLLER
                                       [--groupname QUERIED_GROUPNAME]
                                       [--sid QUERIED_SID] [-d QUERIED_DOMAIN]
                                       [-a ADS_PATH] [-r]
                                       [--use-matching-rule] [--full-data]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target
  --groupname QUERIED_GROUPNAME
                        Group to query, defaults to the 'Domain Admins' group
                        (wildcards accepted)
  --sid QUERIED_SID     SID to query
  -d QUERIED_DOMAIN, --domain QUERIED_DOMAIN
                        Domain to query
  -a ADS_PATH, --ads-path ADS_PATH
                        Additional ADS path
  -r, --recurse         If the group member is a group, try to resolve its
                        members as well
  --use-matching-rule   Use LDAP_MATCHING_RULE_IN_CHAIN in the LDAP search
                        query when -Recurse is specified. Much faster than
                        manual recursion, but doesn't reveal cross-domain
                        groups
  --full-data           If set, returns full information on the members

usage: pywerview.py get-netsession [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                   [--hashes LMHASH:NTHASH] --computername
                                   TARGET_COMPUTERNAME

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --computername TARGET_COMPUTERNAME
                        Computer to list sessions on

usage: pywerview.py get-localdisks [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                   [--hashes LMHASH:NTHASH] --computername
                                   TARGET_COMPUTERNAME

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --computername TARGET_COMPUTERNAME
                        Computer to list disks on

usage: pywerview.py get-netdomain [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                  [--hashes LMHASH:NTHASH] -t
                                  DOMAIN_CONTROLLER

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller to target

usage: pywerview.py get-netshare [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                 [--hashes LMHASH:NTHASH] --computername
                                 TARGET_COMPUTERNAME

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --computername TARGET_COMPUTERNAME
                        Computer to list shares on

usage: pywerview.py get-netloggedon [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                    [--hashes LMHASH:NTHASH] --computername
                                    TARGET_COMPUTERNAME

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --computername TARGET_COMPUTERNAME
                        Computer to list logged on users on

usage: pywerview.py get-netlocalgroup [-h] [-w DOMAIN] -u USER [-p PASSWORD]
                                      [--hashes LMHASH:NTHASH] --computername
                                      TARGET_COMPUTERNAME
                                      [--groupname QUERIED_GROUPNAME]
                                      [--list-groups] [-t DOMAIN_CONTROLLER]
                                      [-r]

optional arguments:
  -h, --help            show this help message and exit
  -w DOMAIN, --workgroup DOMAIN
                        Name of the domain we authenticate with
  -u USER, --user USER  Username used to connect to the Domain Controller
  -p PASSWORD, --password PASSWORD
                        Password associated to the username
  --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --computername TARGET_COMPUTERNAME
                        Computer to list the local groups on
  --groupname QUERIED_GROUPNAME
                        Group to list the members of (defaults to the local
                        'Administrators' group
  --list-groups         If set, returns a list of the local groups on the
                        targets
  -t DOMAIN_CONTROLLER, --dc-ip DOMAIN_CONTROLLER
                        IP address of the Domain Controller (used to resolve
                        domain SIDs)
  -r, --recurse         If the group member is a domain group, try to resolve
                        its members as well

PywerView - A Python rewriting of PowerSploit's PowerView
Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2023 - License GNU GPLv3