From e2fc5a8aa6afc9186712ca8d34cc099a80bb7816 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?= <12843299+JonasBK@users.noreply.github.com> Date: Fri, 26 Apr 2024 11:55:47 -0700 Subject: [PATCH] docs: update collection methods description (#96) --- README.md | 2 +- src/PowerShell/Template.ps1 | 17 +++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 69072a5..2fb5248 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ dotnet build ``` -c, --collectionmethods (Default: Default) Collection Methods: Container, Group, LocalGroup, GPOLocalGroup, - Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, CARegistry, DCRegistry, CertServices + Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, UserRights, CARegistry, DCRegistry, CertServices -d, --domain Specify domain to enumerate diff --git a/src/PowerShell/Template.ps1 b/src/PowerShell/Template.ps1 index 9c9effb..f19d7bb 100644 --- a/src/PowerShell/Template.ps1 +++ b/src/PowerShell/Template.ps1 
@@ -25,16 +25,17 @@ Trusts - Enumerate domain trust data ACL - Collect ACL (Access Control List) data Container - Collect GPO/OU Data - ComputerOnly - Collects Local Group and Session data - GPOLocalGroup - Collects Local Group information using GPO (Group Policy Objects) - LoggedOn - Collects session information using privileged methods (needs admin!) - ObjectProps - Collects node property information for users and computers - SPNTargets - Collects SPN targets (currently only MSSQL) - Default - Collects Group Membership, Local Admin, Sessions, Containers, ACLs and Domain Trusts - DcOnly - Collects Group Membership, ACLs, ObjectProps, Trusts, Containers, and GPO Admins + ComputerOnly - Collect Local Group, Session data, User Rights, CA Registry, and DC Registry + GPOLocalGroup - Collect Local Group information using GPO (Group Policy Objects) + LoggedOn - Collect session information using privileged methods (needs admin!) + ObjectProps - Collect node property information for users and computers + SPNTargets - Collect SPN targets (currently only MSSQL) + Default - Collect Group Membership, Local Admin, Sessions, Containers, ACLs, Domain Trusts, and ADCS objects + DcOnly - Collect Group Membership, ACLs, ObjectProps, Trusts, Containers, GPO Admins, and ADCS objects + UserRights - Collect User Rights Assignment from domain computers (needs admin) CARegistry - Collect ADCS properties from registry of Certificate Authority servers DCRegistry - Collect properties from registry of Domain Controller servers - CertServices - Collect ADCS properties from Certificate Services + CertServices - Collect ADCS objects from Certificate Services All - Collect all data This can be a list of comma separated valued as well to run multiple collection methods!
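Review bot: In the README.md hunk, the collection method list still differs from the Template.ps1 help text updated in the same commit: `SPNTargets` and `All` appear in Template.ps1 but not in the README line, and the README spells `DCOnly` where Template.ps1 has `DcOnly`. If the README is meant to mirror the accepted values, add the two missing names and pick one casing for both files. Otherwise the next reader has to guess which list is authoritative.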
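Review bot: In the Template.ps1 hunk, the new `ComputerOnly` description lists User Rights, but only the separate `UserRights` line says "(needs admin)", so a user who picks `ComputerOnly` gets no hint that part of the collection requires administrative rights on the targets. Suggest carrying the note onto the `ComputerOnly` line, and using one form of it: the `LoggedOn` line says "(needs admin!)" while `UserRights` says "(needs admin)". The `Default` and `DcOnly` lines now say "ADCS objects" without naming the `CertServices` method that collects them, and naming it would let users map the description to the flag. While touching this block, the trailing context line "comma separated valued" could be corrected to "values".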