-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathconf.ini
42 lines (29 loc) · 1.42 KB
/
conf.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
[common]
# If True, no users will be added to or deleted from the leaked_passwords_group_name group, only print
dry_run = True
# SambaAD smb.conf fullpath file
smbconf=/etc/samba/smb.conf
# AD Group to add users with leaked passwords
# If it's not already present in the SambaAD directory, the script automatically creates it
# To ensure security, do not use an explicit group name such as "users_with_leaked_password".
leaked_passwords_group_name = ad_group_xx
# Add users with leaked passwords to a SambaAD directory group
add_users_in_leaked_passwords_group = True
# Anonymize results, the script replace sAMAccountName by incremental anonymous usernames
anonymize_results = True
# Users base DN to check:
#users_basedn = DC=my,DC=domain,DC=lan
# Also check passwords for inactive accounts
check_inactive_accounts = False
# Check for duplicate passwords
check_duplicate_passwords = True
# Check for leaked passwords
check_leaked_passwords = True
# Local cache for hash already verified
local_json = /root/leaked_hash.json
# If you want to check privileged groups
check_privileged_group = True
# Enter privileged group names separated by commas, requires check_privileged_group to be set to True
privileged_groups = Domain Admins,tiers_0_admins,tiers_1_admins,tiers_2_admins
# If you want to export results in xlsx file, uncomment the line
#export_results_to_xlsx = /root/audit_passwords_results.xlsx