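Introduction to PingCastle

PingCastle is a security auditing tool designed to assess the security posture of Active Directory (AD) environments. It provides an automated, comprehensive audit of the AD configuration and highlights potential security risks and weaknesses. PingCastle generates detailed reports that help administrators and security professionals identify vulnerabilities and improve the overall security of the AD infrastructure.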

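Basic Commands

PingCastle.exe --healthcheck
#Perform a health check on the Active Directory domain

PingCastle.exe --healthcheck --server mydc.example.com
#Perform a health check against a specific domain controller

PingCastle.exe --healthcheck --server mydc.example.com --outputdir C:\Reports
#Perform a health check and save the report to a directory

PingCastle.exe --healthcheck --timeout 120
#Perform a health check with the specified timeout (in seconds)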

Report Generation

PingCastle.exe --healthcheck --outputdir C:\Reports --format HTML
#Generate the report in HTML format
PingCastle.exe --healthcheck --outputdir C:\Reports --format XLS
#Generate the report in Excel format
PingCastle.exe --healthcheck --outputdir C:\Reports --format PDF
#Generate the report in PDF format

Advanced Commands

PingCastle.exe --risklevel                                    
#Assess the risk level of the Active Directory environment

PingCastle.exe --risklevel --outputdir C:\Reports             
#Assess the risk level and save the report

PingCastle.exe --consoledomainreport                         
#Generate a domain-wide console report

PingCastle.exe --consoledomainreport --outputdir C:\Reports   
#Generate a domain-wide console report and save it

PingCastle.exe --listgpo                                      
#List all Group Policy Objects

PingCastle.exe --listgpo --outputdir C:\Reports               
#List all GPOs and save the report

PingCastle.exe --explore                                      
#Explore the domain interactively

PingCastle.exe --explore --server mydc.example.com            
#Explore a specific domain controller interactively

Specific Tests

PingCastle.exe --checkms14-068                          #Check for vulnerability MS14-068

PingCastle.exe --checkms14-068 --outputdir C:\Reports   #Check for MS14-068 and save the report

PingCastle.exe --checksysvol                            #Check SYSVOL permissions

PingCastle.exe --checksysvol --outputdir C:\Reports     #Check SYSVOL permissions and save the report

PingCastle.exe --checkdns                               #Check DNS configurations and vulnerabilities

PingCastle.exe --checkdns --outputdir C:\Reports        #Check DNS configurations and save the report

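Common Commands

Perform a basic health check and save the report
PingCastle.exe --healthcheck --outputdir C:\Reports
Perform a health check against a specific domain controller
PingCastle.exe --healthcheck --server mydc.example.com --outputdir C:\Reports
Generate a domain-wide risk level report
PingCastle.exe --risklevel --outputdir C:\Reports
List all Group Policy Objects and save the report
PingCastle.exe --listgpo --outputdir C:\Reports
Check for the MS14-068 vulnerability and save the report
PingCastle.exe --checkms14-068 --outputdir C:\Reports
Check the DNS configuration and save the report
PingCastle.exe --checkdns --outputdir C:\Reports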

PingCastle Interactive Mode

Start interactive mode
PingCastle.exe --explore  #Start PingCastle in interactive mode
Basic navigation commands
? or help  #Display help information for commands

q or quit  #Exit the interactive mode

exit       #Exit the interactive mode
Interactive scanner options
nullsessions                                #Check for null session vulnerabilities

nullsessions /outputdir C:\Reports          #Check for null session vulnerabilities and save the report

smbsigning                                  #Check for SMB signing requirements

smbsigning /outputdir C:\Reports            #Check for SMB signing requirements and save the report

ldapsigning                                 #Check for LDAP signing requirements

ldapsigning /outputdir C:\Reports           #Check for LDAP signing requirements and save the report

ldapschannelbinding                         #Check for LDAPS channel binding requirements

ldapschannelbinding /outputdir C:\Reports   #Check for LDAPS channel binding requirements and save the report

checkadmincount                             #Check for users with adminCount=1 attribute

checkadmincount /outputdir C:\Reports       #Check for users with adminCount=1 attribute and save the report

printspooler                                #Check if the Print Spooler service is enabled

printspooler /outputdir C:\Reports          #Check Print Spooler service and save the report

zerologon                                   #Check for the Zerologon vulnerability

zerologon /outputdir C:\Reports             #Check for Zerologon vulnerability and save the report

passwordnotrequired                         #Check for accounts with the "Password Not Required" flag

passwordnotrequired /outputdir C:\Reports   #Check for accounts with the "Password Not Required" flag and save the report

delegation                                  #Check for accounts with delegation rights

delegation /outputdir C:\Reports            #Check for accounts with delegation rights and save the report
Health check commands
healthcheck                               #Perform a health check on the default domain

healthcheck server                        #Perform a health check on a specific domain controller (replace 'server' with the domain controller name)

healthcheck server /outputdir C:\Reports  #Perform a health check and save the report to a specified directory
Risk level assessment
risklevel                               #Assess the risk level of the default domain

risklevel server                        #Assess the risk level of a specific domain controller (replace 'server' with the domain controller name)

risklevel server /outputdir C:\Reports  #Assess the risk level and save the report to a specified directory
Group Policy Object (GPO) commands
listgpo                         #List all Group Policy Objects (GPOs)

listgpo /outputdir C:\Reports   #List all GPOs and save the report to a specified directory
Specific checks and reports
checkms14-068                         #Check for vulnerability MS14-068

checkms14-068 /outputdir C:\Reports   #Check for MS14-068 and save the report to a specified directory

checksysvol                           #Check SYSVOL permissions

checksysvol /outputdir C:\Reports     #Check SYSVOL permissions and save the report to a specified directory

checkdns                              #Check DNS configurations and vulnerabilities

checkdns /outputdir C:\Reports        #Check DNS configurations and save the report to a specified directory
Data exploration commands
explore          #Start interactive exploration

explore server   #Explore a specific domain controller interactively (replace 'server' with the domain controller name)
Report generation commands
healthcheck /outputdir C:\Reports   #Perform a health check and generate a report in the specified directory

risklevel /outputdir C:\Reports     #Generate a risk level report and save it in the specified directory

listgpo /outputdir C:\Reports       #Generate a GPO list report and save it in the specified directory