godap

<h3>A complete TUI for LDAP.</h3>

Demo

Summary

Features

Installation

$ git clone https://github.com/Macmod/godap
$ cd godap
$ go install .

Usage

Bind with username and password

$ godap <hostname or IP> -u <username> -p <password> -d <domain>

or

$ godap <hostname or IP> -u <username>@<domain> -p <password>

Bind with an NTLM hash

$ godap <hostname or IP> -u <username> -H <hash> [-d <domain>]

Bind with a Kerberos ticket

$ KRB5CCNAME=ticket.ccache godap <hostname or IP> -k -d <domain> -t ldap/<DC hostname>

Bind with a Certificate + Private Key

PEM:

$ godap <hostname or IP> --crt <cert.pem> --key <cert.key> -I

PKCS#12:

$ godap <hostname or IP> --pfx <cert.pfx> -I

Note: this method either passes the certificate directly when connecting with LDAPS (-S) or implicitly upgrades the unencrypted LDAP connection with StartTLS. In both cases the server certificate is validated, so you must provide -I if you want to use this method and your server certificate is not trusted by your client.

Anonymous Bind

$ godap <hostname or IP>

LDAPS/StartTLS

To use LDAPS for the initial connection (ignoring certificate validation) run:

$ godap <hostname or IP> [bind flags] -S -I

To use StartTLS to upgrade an existing connection to use TLS, use the Ctrl + u keybinding inside godap.

Notice that, if the server certificate is not trusted by your client, you must either have started godap with -I to use the upgrade command properly or toggle the IgnoreCert checkbox using the l keybinding before upgrading.

If LDAPS is available, you can also change the port using l, toggle the LDAPS checkbox, set the desired value for IgnoreCert, and reconnect with Ctrl + r.
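The checks that -I / IgnoreCert turns off can be reproduced with the Go standard library. This is an added example, not godap's own code; the host name dc01.corp.example, the address 192.0.2.10 and the helpers newServerCert and check are constructed for illustration, and the self-signed certificate stands in for a domain controller's LDAPS certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newServerCert builds a throwaway self-signed certificate (constructed sample).
func newServerCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // only a DNS SAN, no IP SAN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// check runs the validation a TLS client performs when verification is NOT skipped.
func check(cert *x509.Certificate, trustIssuer bool, name string) error {
	roots := x509.NewCertPool() // empty pool: no issuer is trusted
	if trustIssuer {
		roots.AddCert(cert) // self-signed, so the certificate is its own issuer
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err
}

func main() {
	cert, _ := newServerCert("dc01.corp.example")
	fmt.Println("untrusted issuer:  ", check(cert, false, "dc01.corp.example"))
	fmt.Println("trusted, by name:  ", check(cert, true, "dc01.corp.example"))
	fmt.Println("trusted, by IP:    ", check(cert, true, "192.0.2.10"))
}
```

Validation fails both when the issuer is unknown and when the name used to connect is not in the certificate, which is why connecting by IP address can fail even when the issuing CA is trusted.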

SOCKS

To connect to LDAP through a SOCKS proxy, include the flag -x schema://ip:port, where schema is one of socks4, socks4a or socks5.

You can also change the address of your proxy using the l keybinding.

Flags

Keybindings

| Keybinding | Context | Action |
| --- | --- | --- |
| <kbd>Ctrl</kbd> + <kbd>Enter</kbd> (or <kbd>Ctrl</kbd> + <kbd>J</kbd>) | Global | Next panel |
| <kbd>f</kbd> | Global | Toggle attribute formatting |
| <kbd>e</kbd> | Global | Toggle emojis |
| <kbd>c</kbd> | Global | Toggle colors |
| <kbd>a</kbd> | Global | Toggle attribute expansion for multi-value attributes |
| <kbd>d</kbd> | Global | Toggle "include deleted objects" flag |
| <kbd>l</kbd> | Global | Change current server address & credentials |
| <kbd>Ctrl</kbd> + <kbd>r</kbd> | Global | Reconnect to the server |
| <kbd>Ctrl</kbd> + <kbd>u</kbd> | Global | Upgrade connection to use TLS (with StartTLS) |
| <kbd>Ctrl</kbd> + <kbd>f</kbd> | Explorer & Search pages | Open the finder to search for cached objects & attributes with regex |
| Right Arrow | Explorer panel | Expand the children of the selected object |
| Left Arrow | Explorer panel | Collapse the children of the selected object |
| <kbd>r</kbd> | Explorer panel | Reload the attributes and children of the selected object |
| <kbd>Ctrl</kbd> + <kbd>n</kbd> | Explorer panel | Create a new object under the selected object |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | Explorer panel | Export all loaded nodes in the selected subtree into a JSON file |
| <kbd>Ctrl</kbd> + <kbd>p</kbd> | Explorer panel | Change the password of the selected user or computer account (requires TLS) |
| <kbd>Ctrl</kbd> + <kbd>a</kbd> | Explorer panel | Update the userAccountControl of the object interactively |
| <kbd>Ctrl</kbd> + <kbd>l</kbd> | Explorer panel | Move the selected object to another location |
| <kbd>Delete</kbd> | Explorer panel | Delete the selected object |
| <kbd>r</kbd> | Attributes panel | Reload the attributes for the selected object |
| <kbd>Ctrl</kbd> + <kbd>e</kbd> | Attributes panel | Edit the selected attribute of the selected object |
| <kbd>Ctrl</kbd> + <kbd>n</kbd> | Attributes panel | Create a new attribute in the selected object |
| <kbd>Delete</kbd> | Attributes panel | Delete the selected attribute of the selected object |
| <kbd>Enter</kbd> | Attributes panel (entries hidden) | Expand all hidden entries of an attribute |
| <kbd>Delete</kbd> | Groups panels | Remove the selected member from the searched group or vice-versa |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | Object groups panel | Export the current groups into a JSON file |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | Group members panel | Export the current group members into a JSON file |
| <kbd>Ctrl</kbd> + <kbd>g</kbd> | Groups panels / Explorer panel / Obj. Search panel | Add a member to the selected group / add the selected object into a group |
| <kbd>Ctrl</kbd> + <kbd>d</kbd> | Groups panels / Explorer panel / Obj. Search panel | Inspect the DACL of the currently selected object |
| <kbd>Ctrl</kbd> + <kbd>o</kbd> | DACL page | Change the owner of the current security descriptor |
| <kbd>Ctrl</kbd> + <kbd>k</kbd> | DACL page | Change the control flags of the current security descriptor |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | DACL page | Export the current security descriptor into a JSON file |
| <kbd>Ctrl</kbd> + <kbd>n</kbd> | DACL entries panel | Create a new ACE in the current DACL |
| <kbd>Ctrl</kbd> + <kbd>e</kbd> | DACL entries panel | Edit the selected ACE of the current DACL |
| <kbd>Delete</kbd> | DACL entries panel | Deletes the selected ACE of the current DACL |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | GPO page | Export the current GPOs and their links into a JSON file |
| <kbd>Ctrl</kbd> + <kbd>s</kbd> | DNS zones panel | Export the selected zones and their child DNS nodes into a JSON file |
| <kbd>r</kbd> | DNS zones panel | Reload the nodes of the selected zone / the records of the selected node |
| <kbd>h</kbd> | Global | Show/hide headers |
| <kbd>q</kbd> | Global | Exit the program |

Tree Colors

The nodes in the explorer tree are colored as follows:

| Scenario | Color |
| --- | --- |
| Object exists and is enabled | Default |
| Object exists and is disabled | Yellow* |
| Object was deleted and not yet recycled | Gray* |
| Object was recycled already | Red* |

* Before v2.2.0, disabled nodes were colored red. This was the only custom color in the tree panel; other nodes were colored with default colors (the "include deleted objects" flag had not been implemented yet).

Contributing

Godap started as a fun side project, but has become a really useful tool since then. Unfortunately these days I only have limited time and there's much to be done, so if you like the tool and believe you can help please reach out to me directly at @marzanol :-)

Contributions are also welcome by opening an issue or by submitting a pull request.

Acknowledgements

Disclaimers

License

The MIT License (MIT)

Copyright (c) 2023 Artur Henrique Marzano Gonzaga

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.