performing-privileged-account-discovery
Community
Rapid privileged account discovery and inventory
Software Engineering #discovery #auditing #iam #active-directory #service-accounts #ldap #privileged-accounts
Author: Acczdy
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Discover and inventory privileged accounts across enterprise directories to identify excessive privileges, shadow admin paths, and unmanaged service accounts that increase risk and hinder incident response.
Core Features & Use Cases
- Privileged group enumeration: Detect memberships of Domain Admins, Enterprise Admins, Schema Admins, and other high-privilege groups.
- Service account discovery: Find accounts with servicePrincipalName and report SPNs for Kerberos/service mapping.
- Shadow admin detection: Resolve nested memberships via LDAP_MATCHING_RULE_IN_CHAIN and flag adminCount users for orphaned or delegated privileges.
- Reporting & integration: Output structured JSON reports for PAM onboarding, audit evidence, and SIEM ingestion.
- Use Case: Security teams and auditors can run the agent against a lab AD to produce a compliance-ready inventory of privileged identities and service accounts.
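The three discovery features above, sketched as an added example (not the skill's own code): it builds the LDAP filters, including the LDAP_MATCHING_RULE_IN_CHAIN form, and turns search results into the JSON inventory. The entry layout, the report keys and the lab DNs are assumptions made for illustration; the filter strings are what would be passed as the search filter to ldap3.

```python
import json

IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID of LDAP_MATCHING_RULE_IN_CHAIN
USER = "(objectCategory=person)(objectClass=user)"
SPN_FILTER = "(&%s(servicePrincipalName=*))" % USER   # service account candidates
ADMINCOUNT_FILTER = "(&%s(adminCount=1))" % USER      # protected now or in the past

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_member_filter(group_dn):
    """Filter for users that are direct or nested members of group_dn."""
    return "(&%s(memberOf:%s:=%s))" % (USER, IN_CHAIN, escape_filter(group_dn))

def build_report(chain_hits, spn_hits, admincount_hits):
    """chain_hits maps group DN -> entries returned by nested_member_filter."""
    privileged = {}
    for group_dn, entries in chain_hits.items():
        for e in entries:
            direct = group_dn.lower() in (g.lower() for g in e["memberOf"])
            privileged.setdefault(e["dn"], []).append(
                {"group": group_dn, "via": "direct" if direct else "nested"})
    return {
        "privileged": privileged,
        "nested_only": sorted(dn for dn, hits in privileged.items()
                              if all(h["via"] == "nested" for h in hits)),
        # adminCount=1 but no current privileged membership: review these
        "orphaned_admincount": sorted(e["dn"] for e in admincount_hits
                                      if e["dn"] not in privileged),
        "service_accounts": {e["dn"]: e["servicePrincipalName"] for e in spn_hits},
    }

# Constructed sample results for a lab domain (not real directory data).
DA = "CN=Domain Admins,CN=Users,DC=lab,DC=example"
ALICE = {"dn": "CN=alice,OU=Staff,DC=lab,DC=example", "memberOf": [DA]}
BOB = {"dn": "CN=bob,OU=Staff,DC=lab,DC=example",
       "memberOf": ["CN=Helpdesk T3,OU=Groups,DC=lab,DC=example"]}
SVC = {"dn": "CN=svc_sql,OU=Service,DC=lab,DC=example", "memberOf": [],
       "servicePrincipalName": ["MSSQLSvc/sql01.lab.example:1433"]}

def sample_report():
    return build_report({DA: [ALICE, BOB]}, [SVC], [ALICE, BOB, SVC])

if __name__ == "__main__":
    print(nested_member_filter(DA))
    print(json.dumps(sample_report(), indent=2))
```

A memberOf filter does not return accounts that belong to a group only through primaryGroupID, so an inventory built this way should check that attribute separately.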
Quick Start
Run the LDAP discovery agent with valid bind credentials and an LDAP server URL to generate a JSON report of privileged accounts.
Dependency Matrix
Required Modules
ldap3
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: performing-privileged-account-discovery Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#performing-privileged-account-discovery Please download this .zip file, extract it, and install it in the .claude/skills/ directory.