Pywerview

Features

- SChannel authentication is now supported (see `README` for details)

Modifications

- Fixed `get_adserviceaccount` to works with kerberos authentication
- Adding command line custom filter attributes to several functions
- `get-netdomaintrust` no longer tries to interpret results
- Adding `--full-data` flag to `get-netdomaintrust`
- fixed performance issues, no more multiple LDAP connections with some functions

Features

* Added a `--laps-passwords` option to `get-netcomputer` to query only computers for which the user can read LAPS passwords (thanks SAERXCIT).
* Added `allowed-to-authenticate` in the right filter list for `get-objectacl`. This can be useful when Selective Authentication is set (see https://twitter.com/AlmondOffSec/status/1577958969523535873).
* Added a `--pre-created` option to `get-netcomputer` to return potentially vulnerable computer accounts (see https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/). Caution: This option is prone to false positives and negatives.
* Added a Dockerfile based on a Ubuntu image (thanks sdcampbell and p1gp1g).

Modifications

* `useraccountcontrol` attribute is now returned when using `get-netgroupmember` function. This can be useful to detect disabled admin accounts or accounts that are not allowed for delegation.
* The project now uses `beautifulsoup4` instead of `bs4` package (thanks fabaff).
* `ms-Mcs-AdmPwdExpirationTime` is now formatted as a timestamp.
* `get-netcomputer` now returns all computer accounts even those without `dnshostname`.
* `samaccountype` attribute is now formatted as a string.
* The project now falls back to pycryptodome if pycryptodomex is not installed (thanks thesamesam).
* `get-netgroupmember` now returns also computer accounts
* Better exception handling to detect Channel Binding and LDAP Signing

Features
- Kerberos authentication is now supported (see `README` for details)
- Added a `get-adserviceaccount` functionality
- Added a `--logging` option to get different debug levels and messages
- Results can be dumped as JSON using `--json`
- TLS connection can be forced using `--tls`

Modifications
- Fixed `find-gpocomputeradmin`: there was a bug when setting `isgroup` attribute in `GPOComputerAdmin` object
- Fixed `get-domainpolicy`: fixed a bug in SID resolving
- Fixed dependencies and setup script (merged 46 and 47)

Features
- `get-objectacl`: can be used to list ACL on a domain object
- `get-netpso`: lists Password Settings Objects (fine-grained password policies)

Modifications
- `ADObject` was simplified, both in its management by the code and its pretty-printing.
- Usage of formatters combined with ldap3 to better manage custom types in LDAP attributes.

Bug fix
- TLS fallback is properly handled
- `StringsIO` changed to `BytesIO` in GPO parsing functions

Modifications
- Requirements were simplified: only `impacket`, `bs4`, and `lxml` are needed

Bug fix

- Calls to `close()` were changed to `unbind()` (due to the change of LDAP library)
- Better handling of timestamp attributes for 32 bit systems
- Fixed `get-netgroup` when group names have parenthesis (this will have to be done for other functions, and maybe at another place of the code)
- Fixed `get-netfileserver` when file server attributes are absent