Pywerview

Features

- `get-netpki`: returns a list of all the `pKIEnrollmentService` objects.
- `get-netcerttmpl`: returns a list of all the `pKICertificateTemplate` objects. This function implements the `--caname CA-NAME` flag to only retrieve certificates for this certificate authority.

Modifications

- `get-netdomaintrust` now displays the SID of the trusted domain
- `NetRequester` object has now a `_resolve_sid()` function.
- pywerview now requires impacket [db71504](https://github.com/fortra/impacket/commit/db71504529008bdbdd900549f6e4293be2e32c88)
- `_get_netfqdn` in `LDAPRequester` now uses anonymous bind and root DSE to retrieve the fqdn
- code refactoring within requester.py

Bug fix

- Fixed an infinite recursion when using TLS and a wrong password (by jsherwood0)

Features

- pywerview now uses [ldap3-bleeding-edge](https://pypi.org/project/ldap3-bleeding-edge/). It will use it until [#1139](https://github.com/cannatag/ldap3/pull/1139) is merged and released.

Modifications

- When `LDAPInvalidCredentialsResult` is raised, pywerview parses the error code and displays it in human readable format.

Modifications

- Fix a bug in `get-objectacl` when the domain FQDN is longer than 2 "words" (aka the domain is something like foo.bar.local)
- Fix a bug in `find-gpocomputeradmin`
- `ALIAS_OBJECT` is now treated as group in `get-netgroupmember`
- Strip the trailing `\x00` while retrieving local disks (by Anhydrite)

Features

- new function: `get-objectowner`. You can use this function to retrieve owner of any Active Directory object.
- new attribute: `_well_known_rids` in `ADObject`. A (partial) list of well known RIDs.

Modifications

- better SPN patching: the realm part is ignored
- hunting functions are fixed
- hunting functions implement json output
- More well known SIDs

Features

- pywerview falls back to simple authentication if Channel Binding and LDAP Signing patches are not installed. This fallback only works if:
- Authentication is done with a password
- LDAPS (TCP port 636) is open

Modifications

- you can use impacket's pth syntax with pywerview (e.g. `--hashes :deadbeefdeadbeefdeadbeef`)
- adding possibility to change namespace and rpc auth level for wmi
- Docker file no longer manually installs dsinternals

Features

- pywerview can now use `ldap3` [special branch](https://github.com/ThePirateWhoSmellsOfSunflowers/ldap3/tree/tls_cb_and_seal_for_ntlm) to work against hardened DCs. Thus, if the targeted DC enforces LDAP Signing and/or Channel Binding, please use this custom `ldap3` version. S/O CravateRouge

Modifications

- Fixed `get-objectacl` when used with `--resolve-guid`
- Two new functions are available : `get-netsmsa` and `get-netgmsa` (by pbalmelle)
- `get-adservices` no longer exists, use `get-netgmsa` to retrieve gMSA