External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 21:35:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/js/generated/ts/ldap.ts
Tarun Koyalwar 6cbd73f780
feat: improve ldap output with custom type: (#5387) 
* feat: improve ldap output with custom type:

* js bindings update

* lint fix
2024-07-15 18:42:22 +05:30

748 lines
19 KiB
TypeScript
Executable File
Raw Permalink Blame History

/** The user account is disabled. */
export const FilterAccountDisabled = "(userAccountControl:1.2.840.113556.1.4.803:=2)";
/** The user account is enabled. */
export const FilterAccountEnabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))";
/** The user can send an encrypted password. */
export const FilterCanSendEncryptedPassword = "(userAccountControl:1.2.840.113556.1.4.803:=128)";
/** Represents the password, which should never expire on the account. */
export const FilterDontExpirePassword = "(userAccountControl:1.2.840.113556.1.4.803:=65536)";
/** This account doesn't require Kerberos pre-authentication for logging on. */
export const FilterDontRequirePreauth = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)";
/** The object has a service principal name. */
export const FilterHasServicePrincipalName = "(servicePrincipalName=*)";
/** The home folder is required. */
export const FilterHomedirRequired = "(userAccountControl:1.2.840.113556.1.4.803:=8)";
/** It's a permit to trust an account for a system domain that trusts other domains. */
export const FilterInterdomainTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=2048)";
/** The object is an admin. */
export const FilterIsAdmin = "(adminCount=1)";
/** The object is a computer. */
export const FilterIsComputer = "(objectCategory=computer)";
/** It's an account for users whose primary account is in another domain. */
export const FilterIsDuplicateAccount = "(userAccountControl:1.2.840.113556.1.4.803:=256)";
/** The object is a group. */
export const FilterIsGroup = "(objectCategory=group)";
/** It's a default account type that represents a typical user. */
export const FilterIsNormalAccount = "(userAccountControl:1.2.840.113556.1.4.803:=512)";
/** The object is a person. */
export const FilterIsPerson = "(objectCategory=person)";
/** The user is locked out. */
export const FilterLockout = "(userAccountControl:1.2.840.113556.1.4.803:=16)";
/** The logon script will be run. */
export const FilterLogonScript = "(userAccountControl:1.2.840.113556.1.4.803:=1)";
/** It's an MNS logon account. */
export const FilterMnsLogonAccount = "(userAccountControl:1.2.840.113556.1.4.803:=131072)";
/** When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation. */
export const FilterNotDelegated = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)";
/** The account is a read-only domain controller (RODC). */
export const FilterPartialSecretsAccount = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)";
/** The user can't change the password. */
export const FilterPasswordCantChange = "(userAccountControl:1.2.840.113556.1.4.803:=64)";
/** The user's password has expired. */
export const FilterPasswordExpired = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)";
/** No password is required. */
export const FilterPasswordNotRequired = "(userAccountControl:1.2.840.113556.1.4.803:=32)";
/** It's a computer account for a domain controller that is a member of this domain. */
export const FilterServerTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=8192)";
/** When this flag is set, it forces the user to log on by using a smart card. */
export const FilterSmartCardRequired = "(userAccountControl:1.2.840.113556.1.4.803:=262144)";
/** When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. */
export const FilterTrustedForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=524288)";
/** The account is enabled for delegation. */
export const FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)";
/** Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. */
export const FilterUseDesKeyOnly = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)";
/** It's a computer account for a computer that is running old Windows builds. */
export const FilterWorkstationTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=4096)";
/**
* DecodeADTimestamp decodes an Active Directory timestamp
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const timestamp = ldap.DecodeADTimestamp('132036744000000000');
* log(timestamp);
* ```
*/
export function DecodeADTimestamp(timestamp: string): string {
return "";
}
/**
* DecodeSID decodes a SID string
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
* log(sid);
* ```
*/
export function DecodeSID(s: string): string {
return "";
}
/**
* DecodeZuluTimestamp decodes a Zulu timestamp
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
* log(timestamp);
* ```
*/
export function DecodeZuluTimestamp(timestamp: string): string {
return "";
}
/**
* JoinFilters joins multiple filters into a single filter
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);
* ```
*/
export function JoinFilters(filters: any): string {
return "";
}
/**
* NegativeFilter returns a negative filter for a given filter
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const filter = ldap.NegativeFilter(ldap.FilterIsPerson);
* ```
*/
export function NegativeFilter(filter: string): string {
return "";
}
/**
* Client is a client for ldap protocol in nuclei
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* // here ldap.example.com is the ldap server and acme.com is the realm
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* ```
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const cfg = new ldap.Config();
* cfg.Timeout = 10;
* cfg.ServerName = 'ldap.internal.acme.com';
* // optional config can be passed as third argument
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg);
* ```
*/
export class Client {
public Host?: string;
public Port?: number;
public Realm?: string;
public BaseDN?: string;
// Constructor of Client
constructor(public ldapUrl: string, public realm: string, public config?: Config ) {}
/**
* FindADObjects finds AD objects based on a filter
* and returns them as a list of ADObject
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.FindADObjects(ldap.FilterIsPerson);
* log(to_json(users));
* ```
*/
public FindADObjects(filter: string): SearchResult | null {
return null;
}
/**
* GetADUsers returns all AD users
* using FilterIsPerson filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.GetADUsers();
* log(to_json(users));
* ```
*/
public GetADUsers(): SearchResult | null {
return null;
}
/**
* GetADActiveUsers returns all AD users
* using FilterIsPerson and FilterAccountEnabled filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.GetADActiveUsers();
* log(to_json(users));
* ```
*/
public GetADActiveUsers(): SearchResult | null {
return null;
}
/**
* GetAdUserWithNeverExpiringPasswords returns all AD users
* using FilterIsPerson and FilterDontExpirePassword filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.GetADUserWithNeverExpiringPasswords();
* log(to_json(users));
* ```
*/
public GetADUserWithNeverExpiringPasswords(): SearchResult | null {
return null;
}
/**
* GetADUserTrustedForDelegation returns all AD users that are trusted for delegation
* using FilterIsPerson and FilterTrustedForDelegation filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.GetADUserTrustedForDelegation();
* log(to_json(users));
* ```
*/
public GetADUserTrustedForDelegation(): SearchResult | null {
return null;
}
/**
* GetADUserWithPasswordNotRequired returns all AD users that do not require a password
* using FilterIsPerson and FilterPasswordNotRequired filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const users = client.GetADUserWithPasswordNotRequired();
* log(to_json(users));
* ```
*/
public GetADUserWithPasswordNotRequired(): SearchResult | null {
return null;
}
/**
* GetADGroups returns all AD groups
* using FilterIsGroup filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const groups = client.GetADGroups();
* log(to_json(groups));
* ```
*/
public GetADGroups(): SearchResult | null {
return null;
}
/**
* GetADDCList returns all AD domain controllers
* using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const dcs = client.GetADDCList();
* log(to_json(dcs));
* ```
*/
public GetADDCList(): SearchResult | null {
return null;
}
/**
* GetADAdmins returns all AD admins
* using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const admins = client.GetADAdmins();
* log(to_json(admins));
* ```
*/
public GetADAdmins(): SearchResult | null {
return null;
}
/**
* GetADUserKerberoastable returns all AD users that are kerberoastable
* using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const kerberoastable = client.GetADUserKerberoastable();
* log(to_json(kerberoastable));
* ```
*/
public GetADUserKerberoastable(): SearchResult | null {
return null;
}
/**
* GetADUserAsRepRoastable returns all AD users that are AsRepRoastable
* using FilterIsPerson, and FilterDontRequirePreauth filter query
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const AsRepRoastable = client.GetADUserAsRepRoastable();
* log(to_json(AsRepRoastable));
* ```
*/
public GetADUserAsRepRoastable(): SearchResult | null {
return null;
}
/**
* GetADDomainSID returns the SID of the AD domain
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const domainSID = client.GetADDomainSID();
* log(domainSID);
* ```
*/
public GetADDomainSID(): string {
return "";
}
/**
* Authenticate authenticates with the ldap server using the given username and password
* performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* client.Authenticate('user', 'password');
* ```
*/
public Authenticate(username: string): void {
return;
}
/**
* AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* client.AuthenticateWithNTLMHash('pdtm', 'hash');
* ```
*/
public AuthenticateWithNTLMHash(username: string): void {
return;
}
/**
* Search accepts whatever filter and returns a list of maps having provided attributes
* as keys and associated values mirroring the ones returned by ldap
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const results = client.Search('(objectClass=*)', 'cn', 'mail');
* ```
*/
public Search(filter: string, attributes: any): SearchResult | null {
return null;
}
/**
* AdvancedSearch accepts all values of search request type and return Ldap Entry
* its up to user to handle the response
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []);
* ```
*/
public AdvancedSearch(Scope: number, TypesOnly: boolean, Filter: string, Attributes: string[], Controls: any): SearchResult | null {
return null;
}
/**
* CollectLdapMetadata collects metadata from ldap server.
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const metadata = client.CollectMetadata();
* log(to_json(metadata));
* ```
*/
public CollectMetadata(): Metadata | null {
return null;
}
/**
* close the ldap connection
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* client.Close();
* ```
*/
public Close(): void {
return;
}
}
/**
* Config is extra configuration for the ldap client
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const cfg = new ldap.Config();
* cfg.Timeout = 10;
* cfg.ServerName = 'ldap.internal.acme.com';
* cfg.Upgrade = true; // upgrade to tls
* ```
*/
export interface Config {
/**
* Timeout is the timeout for the ldap client in seconds
*/
Timeout?: number,
ServerName?: string,
Upgrade?: boolean,
}
/**
* LdapAttributes represents all LDAP attributes of a particular
* ldap entry
*/
export interface LdapAttributes {
/**
* CurrentTime contains current time
*/
CurrentTime?: string[],
/**
* SubschemaSubentry contains subschema subentry
*/
SubschemaSubentry?: string[],
/**
* DsServiceName contains ds service name
*/
DsServiceName?: string[],
/**
* NamingContexts contains naming contexts
*/
NamingContexts?: string[],
/**
* DefaultNamingContext contains default naming context
*/
DefaultNamingContext?: string[],
/**
* SchemaNamingContext contains schema naming context
*/
SchemaNamingContext?: string[],
/**
* ConfigurationNamingContext contains configuration naming context
*/
ConfigurationNamingContext?: string[],
/**
* RootDomainNamingContext contains root domain naming context
*/
RootDomainNamingContext?: string[],
/**
* SupportedLDAPVersion contains supported LDAP version
*/
SupportedLDAPVersion?: string[],
/**
* HighestCommittedUSN contains highest committed USN
*/
HighestCommittedUSN?: string[],
/**
* SupportedSASLMechanisms contains supported SASL mechanisms
*/
SupportedSASLMechanisms?: string[],
/**
* DnsHostName contains DNS host name
*/
DnsHostName?: string[],
/**
* LdapServiceName contains LDAP service name
*/
LdapServiceName?: string[],
/**
* ServerName contains server name
*/
ServerName?: string[],
/**
* IsSynchronized contains is synchronized
*/
IsSynchronized?: string[],
/**
* IsGlobalCatalogReady contains is global catalog ready
*/
IsGlobalCatalogReady?: string[],
/**
* DomainFunctionality contains domain functionality
*/
DomainFunctionality?: string[],
/**
* ForestFunctionality contains forest functionality
*/
ForestFunctionality?: string[],
/**
* DomainControllerFunctionality contains domain controller functionality
*/
DomainControllerFunctionality?: string[],
/**
* DistinguishedName contains the distinguished name
*/
DistinguishedName?: string[],
/**
* SAMAccountName contains the SAM account name
*/
SAMAccountName?: string[],
/**
* PWDLastSet contains the password last set time
*/
PWDLastSet?: string[],
/**
* LastLogon contains the last logon time
*/
LastLogon?: string[],
/**
* MemberOf contains the groups the entry is a member of
*/
MemberOf?: string[],
/**
* ServicePrincipalName contains the service principal names
*/
ServicePrincipalName?: string[],
/**
* Extra contains other extra fields which might be present
*/
Extra?: Record<string, any>,
}
/**
* LdapEntry represents a single LDAP entry
*/
export interface LdapEntry {
/**
* DN contains distinguished name
*/
DN?: string,
/**
* Attributes contains list of attributes
*/
Attributes?: LdapAttributes,
}
/**
* Metadata is the metadata for ldap server.
* this is returned by CollectMetadata method
*/
export interface Metadata {
BaseDN?: string,
Domain?: string,
DefaultNamingContext?: string,
DomainFunctionality?: string,
ForestFunctionality?: string,
DomainControllerFunctionality?: string,
DnsHostName?: string,
}
/**
* SearchResult contains search result of any / all ldap search request
* @example
* ```javascript
* const ldap = require('nuclei/ldap');
* const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
* const results = client.Search('(objectinterface=*)', 'cn', 'mail');
* ```
*/
export interface SearchResult {
/**
* Referrals contains list of referrals
*/
Referrals?: string[],
/**
* Controls contains list of controls
*/
Controls?: string[],
/**
* Entries contains list of entries
*/
Entries?: LdapEntry[],
}
Reference in New Issue View Git Blame Copy Permalink