Skip to content
/ ShadowCrl_AD Public

ShadowCrl_AD is a custom offensive security tool written in C# (.NET) designed to perform stealthy enumeration of Active Directory (AD) environments.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ItsCurulo/ShadowCrl_AD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
img
img
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 
ShadowCrl_AD.cs
ShadowCrl_AD.cs
 
 
ShadowCrl_AD.csproj
ShadowCrl_AD.csproj
 
 

Repository files navigation

ShadowCrl_AD 💀

Stealthy Active Directory Enumeration & Reconnaissance Tool

ShadowCrl_AD Menu

📋 Description

ShadowCrl_AD is a custom offensive security tool written in C# (.NET) designed to perform stealthy enumeration of Active Directory (AD) environments.

Unlike standard tools that rely on external binaries or heavy PowerShell scripts, ShadowCrl_AD uses native LDAP (Lightweight Directory Access Protocol) queries via System.DirectoryServices. This makes it lightweight, portable, and suitable for environments with restricted execution policies.

Current Version: v1.0 (Universal) - Auto-detects the current domain context or allows manual targeting.

🚀 Features

  • 🕵️ User Enumeration: Identifies all domain users and flags high-value targets (Admins, krbtgt) based on attributes like adminCount and description analysis.
  • 🔐 Group Mapping: Enumerates domain groups and extracts members recursively, highlighting "Domain Admins", "Enterprise Admins", and critical operational groups.
  • 🔥 Kerberoasting Detector: Scans for user accounts with servicePrincipalName (SPN) set, identifying targets vulnerable to Kerberoasting attacks (extracting TGS tickets for offline cracking).
  • 🌍 Universal Context: Automatically binds to the current domain (LDAP://RootDSE) or allows specifying a custom target domain.
  • 🛡️ AMSI/AV Evasion: Runs entirely in memory as a .NET assembly, avoiding typical signature-based detection of known tools like BloodHound or PowerView.

🛠️ Installation & Usage

1. Compilation

You can compile this project using the .NET CLI or Visual Studio.

Method A: .NET CLI

# Clone the repo
git clone https://github.com/ItsCurulo/ShadowCrl_AD.git
cd ShadowCrl_AD

# Build for release
dotnet build -c Release

The binary will be in bin/Release/net5.0/ShadowCrl_AD.exe.

Method B: Visual Studio

  • Open ShadowCrl_AD.csproj.
  • Build Solution (Release Mode).

2. Usage

Run the executable from any domain-joined machine. No administrative privileges are required for standard enumeration.

.\ShadowCrl_AD.exe

Follow the on-screen menu to select your enumeration module.

📸 Screenshots

User Enumeration (Admin Detection)

Identifies Potential Admins in red.

User Enumeration

Group Enumeration & Member Extraction

Maps critical groups and their members.

Group Enumeration

Kerberoasting Vulnerability Scan

Finds SPN accounts vulnerable to offline cracking.

Kerberoasting

Set Target Domain

Allows manual targeting of a specific domain.

Set Target

⚠️ Disclaimer

This tool is developed for educational and ethical testing purposes only. Usage of ShadowCrl_AD for attacking targets without prior mutual consent is illegal. The developer (@ItsCurulo) assumes no liability and is not responsible for any misuse or damage caused by this program.

Developed by @ItsCurulo

About

ShadowCrl_AD is a custom offensive security tool written in C# (.NET) designed to perform stealthy enumeration of Active Directory (AD) environments.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages