PowEnum - Penetration testers commonly enumerate active-directory data.

PowEnum – Penetration testers commonly enumerate active-directory data.

PowEnum is a Penetration testers commonly enumerate AD data – providing domain situational awareness and helping to identify soft targets. PowEnum helps automate the cartological view of your target domain.

PowEnum executes common PowerSploit Powerview functions and combines the output into a spreadsheet for easy analysis. All network traffic is only sent to the DC(s).
Syntax Examples:
– Invoke-PowEnum
– Invoke-PowEnum -PowerviewURL http://10.0.0.10/PowerView.ps1
– Invoke-PowEnum -FQDN test.domain.com
– Invoke-PowEnum -Mode SYSVOL
– Invoke-PowEnum -Credential test.domain.com\username -FQDN test.domain.com -Mode Special

PowEnum

Detection:
This enumeration will generate suspicious traffic between the PowEnum system and the target DC(s). If there are security products watching traffic to the DC(s) (i.e. Microsoft ATA) PowEnum will likely get flagged.

Usage:

Source: https://github.com/whitehat-zero