Find vulnerabilities in AD Group Policy Grouper2

Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy.

It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some particular standard, you probably want Microsoft's Security and Compliance Toolkit, not Grouper or Grouper2.

It dumps all the most interesting parts of group policy and then roots around in them for exploitable stuff.

New features:

  • better file permission checks that don't involve writing to disk.
  • doesn't miss those GPP passwords that Grouper 1 did.
  • HTML output option so you can preserve those sexy console colours and take them with you.
  • aim Grouper2 at an offline copy of SYSVOL if you want.
  • it's multithreaded!

How to Use:

Run the EXE on a domain joined machine in the context of a domain user, and magic JSON candy will fall out.

If the JSON burns your eyes, add -g to make it real pretty.

If you love the prettiness so much you wanna take it with you, do -f "$FILEPATH.html" to puke the candy into an HTML file.

If there's too much candy and you want to limit output to only the tastiest morsels, set the 'interest level' with -i $INT, the bigger the number the tastier the candy, e.g. -i 10 will only give you stuff that will probably result in creds or shells.

If you don't want to dig around in old policy and want to limit yourself to only current stuff, do -c.

If you want the candy to fall out faster, you can set the number of threads with-t $INT - the default is 10.

If you want to see the other options, do -h.

Download

https://github.com/l0ss/Grouper2