This project provides tools for auditing and visualizing Active Directory control paths, enabling users to answer critical security questions such as which accounts can escalate their privileges or reach a given resource. It's designed for security professionals and system administrators who need to understand complex AD relationships and potential attack vectors.
How It Works
The tool operates by dumping AD data (LDAP, SYSVOL, Exchange permissions) into CSV files. These files are then processed to identify "control relations" between AD objects. The core innovation lies in importing these relations into a Neo4j graph database, allowing for efficient querying and visualization of complex access paths. This graph-based approach facilitates deep analysis of privilege inheritance and delegation.
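As an added illustration of the graph idea described above (this is example code written for this page, not code from the project), the snippet below parses a small constructed relation CSV and walks it backwards from a sensitive object to list every principal with a control path to it. The column names and relation labels are assumptions, not the project's real dump format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for the CSV the dump step produces; column
# names and relation labels are assumptions, not the project's real format.
SAMPLE_RELATIONS_CSV = """source,target,relation
alice,Helpdesk,MEMBER_OF
Helpdesk,svc_backup,RESET_PASSWORD
svc_backup,Domain Admins,WRITE_MEMBERS
Domain Admins,DC01,ADMIN_OF
Domain Admins,alice,RESET_PASSWORD
bob,bob-laptop,OWNER
"""

def load_relations(csv_text):
    """Build a reverse adjacency map target -> [(source, relation)], so we
    can walk backwards from a sensitive object to whoever controls it."""
    reverse = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        reverse[row["target"]].append((row["source"], row["relation"]))
    return reverse

def control_paths_to(reverse, target, max_depth=6):
    """Enumerate simple paths ending at `target` as lists of
    (source, relation, target) hops, from controlling principal to target.
    Cycles (admins controlling their own members) are cut via `seen`."""
    paths = []

    def walk(node, hops, seen):
        for src, rel in reverse.get(node, ()):
            if src in seen or len(hops) >= max_depth:
                continue
            path = [(src, rel, node)] + hops
            paths.append(path)
            walk(src, path, seen | {src})

    walk(target, [], {target})
    return paths

def controllers_of(reverse, target):
    """Every principal with at least one control path to `target`."""
    return {path[0][0] for path in control_paths_to(reverse, target)}

if __name__ == "__main__":
    graph = load_relations(SAMPLE_RELATIONS_CSV)
    for path in control_paths_to(graph, "Domain Admins"):
        print(" -> ".join(f"{s} [{r}]" for s, r, _ in path), "->", "Domain Admins")
```

The same reverse walk is what a graph database does natively; Neo4j simply makes it scale to the 150M+ edges mentioned below.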
Quick Start & Requirements
- Dump Step: Requires Windows (7+) and Zulu JDK 8. Download the latest binary release from GitHub Releases.
- Import/Query/Visualize: Supports Windows and Linux, requires Java and Neo4j 3.4.1.
- Exchange Permissions: Requires installing EWS Managed API.
- Setup: The dump step runs on Windows only. The import and querying can be done on any machine supporting Java and Neo4j.
- Documentation: BUILDING.md (for building from source), SSTIC-2014 presentation slides and paper.
Highlighted Details
- Handles very large Active Directories (1M+ objects, 150M+ ACEs) with low RAM usage (<1GB).
- Supports offline analysis using ntds.dit and SYSVOL copies.
- Includes control paths for Kerberos delegation, SCCM, RoDC, LAPS, and Exchange permissions.
- Utilizes OVALI for graph visualization.
Maintenance & Community
- Developed by ANSSI (French National Cybersecurity Agency).
- Initial development dates back to 2014-2018.
- No explicit links to community channels (Discord/Slack) or active roadmap are provided in the README.
Licensing & Compatibility
- The README does not explicitly state a license. The project is hosted on GitHub under the ANSSI-FR organization, which suggests a government-issued software license may apply; confirm the licensing terms before any commercial use.
Limitations & Caveats
- The dump step is Windows-only.
- UNC path hardening on Windows 10+ may block SYSVOL access, requiring configuration changes.
- Neo4j version dependency (3.4.1) might be outdated.