Post Exploitation Domain Enum.

The DomainEnum module is intended to support post-exploitation activities from within the user context on the target domain. It will enumerate domain computers, servers, users, emails, groups, group membership(s), sites, subnets, and subnets per site and save the results to one or more files. Whenever possible it will also enumerate computers, servers, users, groups, and group membership per OU. It’s really intended to establish situational awareness once you drop onto “patient 0” and set you up to make the most of who you pivot to.
Latest change 2015.06.19: changes to get-email, clean-up, and formatting.
– Create the following directory structure %USERPROFILE%\documents\windowspowershell\modules\DomainEnum
– Load the contents of the ‘DomainEnum’ directory into the new directory
– Open terminal
– Type
>powershell -ExecutionPolicy Bypass –
PS>import-module DomainEnum
PS>get-command -module DomainEnum
– All output will be written to C:\Users\Public\
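For defenders, the steps above leave a small set of observable artifacts: a PowerShell launch with the execution policy bypassed, the DomainEnum module directory and import, and files written to C:\Users\Public\. The following is an added example, not part of the DomainEnum project, that checks simplified event records for those artifacts. The records are constructed; the field names follow Sysmon process-creation (ID 1) and file-creation (ID 11) events and PowerShell script block logging (ID 4104), and the host names, file names and rule names are assumptions.

```python
import re

# Indicators come from the install steps on this page; matching is case-insensitive.
# PowerShell also accepts en/em dashes as parameter prefixes, so normalise them first.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2015": "-"})
BYPASS = re.compile(r"-(?:ep|ex[a-z]*)\s+bypass\b", re.I)  # -ExecutionPolicy and abbreviations
MODULE_USE = re.compile(r"\b(?:import-module|ipmo|get-command\s+-module)\s+\S*DomainEnum\b", re.I)
MODULE_DIR = re.compile(r"\\windowspowershell\\modules\\DomainEnum(?:\\|$)", re.I)
PUBLIC_DIR = re.compile(r"^c:\\users\\public\\", re.I)
POWERSHELL = re.compile(r"\\powershell(?:_ise)?\.exe$", re.I)

def triage(event):
    """Return the names of the rules that a single event record matches."""
    hits = []
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "").translate(DASHES)
    script = event.get("ScriptBlockText", "")
    target = event.get("TargetFilename", "")
    if event.get("EventID") == 1 and POWERSHELL.search(image) and BYPASS.search(cmd):
        hits.append("execution-policy-bypass")
    if event.get("EventID") == 4104 and MODULE_USE.search(script):
        hits.append("domainenum-module-loaded")
    if event.get("EventID") == 11:
        if MODULE_DIR.search(target):
            hits.append("domainenum-module-staged")
        if POWERSHELL.search(image) and PUBLIC_DIR.search(target):
            hits.append("powershell-write-to-public")
    return hits

def correlate(events):
    """Group rule hits per host; several distinct hits on one host is the stronger signal."""
    per_host = {}
    for ev in events:
        for rule in triage(ev):
            per_host.setdefault(ev["Computer"], set()).add(rule)
    return per_host

# Constructed sample records (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    {"EventID": 1, "Computer": "WS01", "Image": PS,
     "CommandLine": "powershell \u2013ExecutionPolicy Bypass"},
    {"EventID": 4104, "Computer": "WS01", "ScriptBlockText": "import-module DomainEnum"},
    {"EventID": 11, "Computer": "WS01", "Image": PS, "TargetFilename": r"C:\Users\Public\users.txt"},
    {"EventID": 1, "Computer": "WS02", "Image": PS, "CommandLine": "powershell -File C:\\Scripts\\backup.ps1"},
    {"EventID": 11, "Computer": "WS02", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\Public\Desktop\readme.txt"},
]
```

A single hit such as a write to the Public profile is common on its own; the combination on one host within a short window is what merits investigation.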


