CoCalc -- ldap.ts

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/js/generated/ts/ldap.ts
²⁰⁷⁰ views
1

2

3
/** The user account is disabled. */
4
export const FilterAccountDisabled = "(userAccountControl:1.2.840.113556.1.4.803:=2)";
5

6
/** The user account is enabled. */
7
export const FilterAccountEnabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))";
8

9
/** The user can send an encrypted password. */
10
export const FilterCanSendEncryptedPassword = "(userAccountControl:1.2.840.113556.1.4.803:=128)";
11

12
/** Represents the password, which should never expire on the account. */
13
export const FilterDontExpirePassword = "(userAccountControl:1.2.840.113556.1.4.803:=65536)";
14

15
/** This account doesn't require Kerberos pre-authentication for logging on. */
16
export const FilterDontRequirePreauth = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)";
17

18
/** The object has a service principal name. */
19
export const FilterHasServicePrincipalName = "(servicePrincipalName=*)";
20

21
/** The home folder is required. */
22
export const FilterHomedirRequired = "(userAccountControl:1.2.840.113556.1.4.803:=8)";
23

24
/** It's a permit to trust an account for a system domain that trusts other domains. */
25
export const FilterInterdomainTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=2048)";
26

27
/** The object is an admin. */
28
export const FilterIsAdmin = "(adminCount=1)";
29

30
/** The object is a computer. */
31
export const FilterIsComputer = "(objectCategory=computer)";
32

33
/** It's an account for users whose primary account is in another domain. */
34
export const FilterIsDuplicateAccount = "(userAccountControl:1.2.840.113556.1.4.803:=256)";
35

36
/** The object is a group. */
37
export const FilterIsGroup = "(objectCategory=group)";
38

39
/** It's a default account type that represents a typical user. */
40
export const FilterIsNormalAccount = "(userAccountControl:1.2.840.113556.1.4.803:=512)";
41

42
/** The object is a person. */
43
export const FilterIsPerson = "(objectCategory=person)";
44

45
/** The user is locked out. */
46
export const FilterLockout = "(userAccountControl:1.2.840.113556.1.4.803:=16)";
47

48
/** The logon script will be run. */
49
export const FilterLogonScript = "(userAccountControl:1.2.840.113556.1.4.803:=1)";
50

51
/** It's an MNS logon account. */
52
export const FilterMnsLogonAccount = "(userAccountControl:1.2.840.113556.1.4.803:=131072)";
53

54
/** When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation. */
55
export const FilterNotDelegated = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)";
56

57
/** The account is a read-only domain controller (RODC). */
58
export const FilterPartialSecretsAccount = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)";
59

60
/** The user can't change the password. */
61
export const FilterPasswordCantChange = "(userAccountControl:1.2.840.113556.1.4.803:=64)";
62

63
/** The user's password has expired. */
64
export const FilterPasswordExpired = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)";
65

66
/** No password is required. */
67
export const FilterPasswordNotRequired = "(userAccountControl:1.2.840.113556.1.4.803:=32)";
68

69
/** It's a computer account for a domain controller that is a member of this domain. */
70
export const FilterServerTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=8192)";
71

72
/** When this flag is set, it forces the user to log on by using a smart card. */
73
export const FilterSmartCardRequired = "(userAccountControl:1.2.840.113556.1.4.803:=262144)";
74

75
/** When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. */
76
export const FilterTrustedForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=524288)";
77

78
/** The account is enabled for delegation. */
79
export const FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)";
80

81
/** Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. */
82
export const FilterUseDesKeyOnly = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)";
83

84
/** It's a computer account for a computer that is running old Windows builds. */
85
export const FilterWorkstationTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=4096)";
86

87
/**
88
 * DecodeADTimestamp decodes an Active Directory timestamp
89
 * @example
90
 * ```javascript
91
 * const ldap = require('nuclei/ldap');
92
 * const timestamp = ldap.DecodeADTimestamp('132036744000000000');
93
 * log(timestamp);
94
 * ```
95
 */
96
export function DecodeADTimestamp(timestamp: string): string {
97
    return "";
98
}
99

100

101

102
/**
103
 * DecodeSID decodes a SID string
104
 * @example
105
 * ```javascript
106
 * const ldap = require('nuclei/ldap');
107
 * const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
108
 * log(sid);
109
 * ```
110
 */
111
export function DecodeSID(s: string): string {
112
    return "";
113
}
114

115

116

117
/**
118
 * DecodeZuluTimestamp decodes a Zulu timestamp
119
 * @example
120
 * ```javascript
121
 * const ldap = require('nuclei/ldap');
122
 * const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
123
 * log(timestamp);
124
 * ```
125
 */
126
export function DecodeZuluTimestamp(timestamp: string): string {
127
    return "";
128
}
129

130

131

132
/**
133
 * JoinFilters joins multiple filters into a single filter
134
 * @example
135
 * ```javascript
136
 * const ldap = require('nuclei/ldap');
137
 * const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);
138
 * ```
139
 */
140
export function JoinFilters(filters: any): string {
141
    return "";
142
}
143

144

145

146
/**
147
 * NegativeFilter returns a negative filter for a given filter
148
 * @example
149
 * ```javascript
150
 * const ldap = require('nuclei/ldap');
151
 * const filter = ldap.NegativeFilter(ldap.FilterIsPerson);
152
 * ```
153
 */
154
export function NegativeFilter(filter: string): string {
155
    return "";
156
}
157

158

159

160
/**
161
 * Client is a client for ldap protocol in nuclei
162
 * @example
163
 * ```javascript
164
 * const ldap = require('nuclei/ldap');
165
 * // here ldap.example.com is the ldap server and acme.com is the realm
166
 * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
167
 * ```
168
 * @example
169
 * ```javascript
170
 * const ldap = require('nuclei/ldap');
171
 * const cfg = new ldap.Config();
172
 * cfg.Timeout = 10;
173
 * cfg.ServerName = 'ldap.internal.acme.com';
174
 * // optional config can be passed as third argument
175
 * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg);
176
 * ```
177
 */
178
export class Client {
179
    
180

181
    
182
    public Host?: string;
183
    
184

185
    
186
    public Port?: number;
187
    
188

189
    
190
    public Realm?: string;
191
    
192

193
    
194
    public BaseDN?: string;
195
    
196

197
    // Constructor of Client
198
    constructor(public ldapUrl: string, public realm: string, public config?: Config ) {}
199
    
200

201
    /**
202
    * FindADObjects finds AD objects based on a filter
203
    * and returns them as a list of ADObject
204
    * @example
205
    * ```javascript
206
    * const ldap = require('nuclei/ldap');
207
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
208
    * const users = client.FindADObjects(ldap.FilterIsPerson);
209
    * log(to_json(users));
210
    * ```
211
    */
212
    public FindADObjects(filter: string): SearchResult | null {
213
        return null;
214
    }
215
    
216

217
    /**
218
    * GetADUsers returns all AD users
219
    * using FilterIsPerson filter query
220
    * @example
221
    * ```javascript
222
    * const ldap = require('nuclei/ldap');
223
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
224
    * const users = client.GetADUsers();
225
    * log(to_json(users));
226
    * ```
227
    */
228
    public GetADUsers(): SearchResult | null {
229
        return null;
230
    }
231
    
232

233
    /**
234
    * GetADActiveUsers returns all AD users
235
    * using FilterIsPerson and FilterAccountEnabled filter query
236
    * @example
237
    * ```javascript
238
    * const ldap = require('nuclei/ldap');
239
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
240
    * const users = client.GetADActiveUsers();
241
    * log(to_json(users));
242
    * ```
243
    */
244
    public GetADActiveUsers(): SearchResult | null {
245
        return null;
246
    }
247
    
248

249
    /**
250
    * GetAdUserWithNeverExpiringPasswords returns all AD users
251
    * using FilterIsPerson and FilterDontExpirePassword filter query
252
    * @example
253
    * ```javascript
254
    * const ldap = require('nuclei/ldap');
255
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
256
    * const users = client.GetADUserWithNeverExpiringPasswords();
257
    * log(to_json(users));
258
    * ```
259
    */
260
    public GetADUserWithNeverExpiringPasswords(): SearchResult | null {
261
        return null;
262
    }
263
    
264

265
    /**
266
    * GetADUserTrustedForDelegation returns all AD users that are trusted for delegation
267
    * using FilterIsPerson and FilterTrustedForDelegation filter query
268
    * @example
269
    * ```javascript
270
    * const ldap = require('nuclei/ldap');
271
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
272
    * const users = client.GetADUserTrustedForDelegation();
273
    * log(to_json(users));
274
    * ```
275
    */
276
    public GetADUserTrustedForDelegation(): SearchResult | null {
277
        return null;
278
    }
279
    
280

281
    /**
282
    * GetADUserWithPasswordNotRequired returns all AD users that do not require a password
283
    * using FilterIsPerson and FilterPasswordNotRequired filter query
284
    * @example
285
    * ```javascript
286
    * const ldap = require('nuclei/ldap');
287
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
288
    * const users = client.GetADUserWithPasswordNotRequired();
289
    * log(to_json(users));
290
    * ```
291
    */
292
    public GetADUserWithPasswordNotRequired(): SearchResult | null {
293
        return null;
294
    }
295
    
296

297
    /**
298
    * GetADGroups returns all AD groups
299
    * using FilterIsGroup filter query
300
    * @example
301
    * ```javascript
302
    * const ldap = require('nuclei/ldap');
303
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
304
    * const groups = client.GetADGroups();
305
    * log(to_json(groups));
306
    * ```
307
    */
308
    public GetADGroups(): SearchResult | null {
309
        return null;
310
    }
311
    
312

313
    /**
314
    * GetADDCList returns all AD domain controllers
315
    * using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query
316
    * @example
317
    * ```javascript
318
    * const ldap = require('nuclei/ldap');
319
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
320
    * const dcs = client.GetADDCList();
321
    * log(to_json(dcs));
322
    * ```
323
    */
324
    public GetADDCList(): SearchResult | null {
325
        return null;
326
    }
327
    
328

329
    /**
330
    * GetADAdmins returns all AD admins
331
    * using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query
332
    * @example
333
    * ```javascript
334
    * const ldap = require('nuclei/ldap');
335
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
336
    * const admins = client.GetADAdmins();
337
    * log(to_json(admins));
338
    * ```
339
    */
340
    public GetADAdmins(): SearchResult | null {
341
        return null;
342
    }
343
    
344

345
    /**
346
    * GetADUserKerberoastable returns all AD users that are kerberoastable
347
    * using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query
348
    * @example
349
    * ```javascript
350
    * const ldap = require('nuclei/ldap');
351
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
352
    * const kerberoastable = client.GetADUserKerberoastable();
353
    * log(to_json(kerberoastable));
354
    * ```
355
    */
356
    public GetADUserKerberoastable(): SearchResult | null {
357
        return null;
358
    }
359
    
360

361
    /**
362
    * GetADUserAsRepRoastable returns all AD users that are AsRepRoastable
363
    * using FilterIsPerson, and FilterDontRequirePreauth filter query
364
    * @example
365
    * ```javascript
366
    * const ldap = require('nuclei/ldap');
367
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
368
    * const AsRepRoastable = client.GetADUserAsRepRoastable();
369
    * log(to_json(AsRepRoastable));
370
    * ```
371
    */
372
    public GetADUserAsRepRoastable(): SearchResult | null {
373
        return null;
374
    }
375
    
376

377
    /**
378
    * GetADDomainSID returns the SID of the AD domain
379
    * @example
380
    * ```javascript
381
    * const ldap = require('nuclei/ldap');
382
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
383
    * const domainSID = client.GetADDomainSID();
384
    * log(domainSID);
385
    * ```
386
    */
387
    public GetADDomainSID(): string {
388
        return "";
389
    }
390
    
391

392
    /**
393
    * Authenticate authenticates with the ldap server using the given username and password
394
    * performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails
395
    * @example
396
    * ```javascript
397
    * const ldap = require('nuclei/ldap');
398
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
399
    * client.Authenticate('user', 'password');
400
    * ```
401
    */
402
    public Authenticate(username: string): void {
403
        return;
404
    }
405
    
406

407
    /**
408
    * AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash
409
    * @example
410
    * ```javascript
411
    * const ldap = require('nuclei/ldap');
412
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
413
    * client.AuthenticateWithNTLMHash('pdtm', 'hash');
414
    * ```
415
    */
416
    public AuthenticateWithNTLMHash(username: string): void {
417
        return;
418
    }
419
    
420

421
    /**
422
    * Search accepts whatever filter and returns a list of maps having provided attributes
423
    * as keys and associated values mirroring the ones returned by ldap
424
    * @example
425
    * ```javascript
426
    * const ldap = require('nuclei/ldap');
427
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
428
    * const results = client.Search('(objectClass=*)', 'cn', 'mail');
429
    * ```
430
    */
431
    public Search(filter: string, attributes: any): SearchResult | null {
432
        return null;
433
    }
434
    
435

436
    /**
437
    * AdvancedSearch accepts all values of search request type and return Ldap Entry
438
    * its up to user to handle the response
439
    * @example
440
    * ```javascript
441
    * const ldap = require('nuclei/ldap');
442
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
443
    * const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []);
444
    * ```
445
    */
446
    public AdvancedSearch(Scope: number, TypesOnly: boolean, Filter: string, Attributes: string[], Controls: any): SearchResult | null {
447
        return null;
448
    }
449
    
450

451
    /**
452
    * CollectLdapMetadata collects metadata from ldap server.
453
    * @example
454
    * ```javascript
455
    * const ldap = require('nuclei/ldap');
456
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
457
    * const metadata = client.CollectMetadata();
458
    * log(to_json(metadata));
459
    * ```
460
    */
461
    public CollectMetadata(): Metadata | null {
462
        return null;
463
    }
464
    
465

466
    /**
467
    * close the ldap connection
468
    * @example
469
    * ```javascript
470
    * const ldap = require('nuclei/ldap');
471
    * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
472
    * client.Close();
473
    * ```
474
    */
475
    public Close(): void {
476
        return;
477
    }
478
    
479

480
}
481

482

483

484
/**
485
 * Config is extra configuration for the ldap client
486
 * @example
487
 * ```javascript
488
 * const ldap = require('nuclei/ldap');
489
 * const cfg = new ldap.Config();
490
 * cfg.Timeout = 10;
491
 * cfg.ServerName = 'ldap.internal.acme.com';
492
 * cfg.Upgrade = true; // upgrade to tls
493
 * ```
494
 */
495
export interface Config {
496
    
497
    /**
498
    * Timeout is the timeout for the ldap client in seconds
499
    */
500
    
501
    Timeout?: number,
502
    
503
    ServerName?: string,
504
    
505
    Upgrade?: boolean,
506
}
507

508

509

510
/**
511
 * LdapAttributes represents all LDAP attributes of a particular
512
 * ldap entry
513
 */
514
export interface LdapAttributes {
515
    
516
    /**
517
    * CurrentTime contains current time
518
    */
519
    
520
    CurrentTime?: string[],
521
    
522
    /**
523
    * SubschemaSubentry contains subschema subentry
524
    */
525
    
526
    SubschemaSubentry?: string[],
527
    
528
    /**
529
    * DsServiceName contains ds service name
530
    */
531
    
532
    DsServiceName?: string[],
533
    
534
    /**
535
    * NamingContexts contains naming contexts
536
    */
537
    
538
    NamingContexts?: string[],
539
    
540
    /**
541
    * DefaultNamingContext contains default naming context
542
    */
543
    
544
    DefaultNamingContext?: string[],
545
    
546
    /**
547
    * SchemaNamingContext contains schema naming context
548
    */
549
    
550
    SchemaNamingContext?: string[],
551
    
552
    /**
553
    * ConfigurationNamingContext contains configuration naming context
554
    */
555
    
556
    ConfigurationNamingContext?: string[],
557
    
558
    /**
559
    * RootDomainNamingContext contains root domain naming context
560
    */
561
    
562
    RootDomainNamingContext?: string[],
563
    
564
    /**
565
    * SupportedLDAPVersion contains supported LDAP version
566
    */
567
    
568
    SupportedLDAPVersion?: string[],
569
    
570
    /**
571
    * HighestCommittedUSN contains highest committed USN
572
    */
573
    
574
    HighestCommittedUSN?: string[],
575
    
576
    /**
577
    * SupportedSASLMechanisms contains supported SASL mechanisms
578
    */
579
    
580
    SupportedSASLMechanisms?: string[],
581
    
582
    /**
583
    * DnsHostName contains DNS host name
584
    */
585
    
586
    DnsHostName?: string[],
587
    
588
    /**
589
    * LdapServiceName contains LDAP service name
590
    */
591
    
592
    LdapServiceName?: string[],
593
    
594
    /**
595
    * ServerName contains server name
596
    */
597
    
598
    ServerName?: string[],
599
    
600
    /**
601
    * IsSynchronized contains is synchronized
602
    */
603
    
604
    IsSynchronized?: string[],
605
    
606
    /**
607
    * IsGlobalCatalogReady contains is global catalog ready
608
    */
609
    
610
    IsGlobalCatalogReady?: string[],
611
    
612
    /**
613
    * DomainFunctionality contains domain functionality
614
    */
615
    
616
    DomainFunctionality?: string[],
617
    
618
    /**
619
    * ForestFunctionality contains forest functionality
620
    */
621
    
622
    ForestFunctionality?: string[],
623
    
624
    /**
625
    * DomainControllerFunctionality contains domain controller functionality
626
    */
627
    
628
    DomainControllerFunctionality?: string[],
629
    
630
    /**
631
    * DistinguishedName contains the distinguished name
632
    */
633
    
634
    DistinguishedName?: string[],
635
    
636
    /**
637
    * SAMAccountName contains the SAM account name
638
    */
639
    
640
    SAMAccountName?: string[],
641
    
642
    /**
643
    * PWDLastSet contains the password last set time
644
    */
645
    
646
    PWDLastSet?: string[],
647
    
648
    /**
649
    * LastLogon contains the last logon time
650
    */
651
    
652
    LastLogon?: string[],
653
    
654
    /**
655
    * MemberOf contains the groups the entry is a member of
656
    */
657
    
658
    MemberOf?: string[],
659
    
660
    /**
661
    * ServicePrincipalName contains the service principal names
662
    */
663
    
664
    ServicePrincipalName?: string[],
665
    
666
    /**
667
    * Extra contains other extra fields which might be present
668
    */
669
    
670
    Extra?: Record<string, any>,
671
}
672

673

674

675
/**
676
 * LdapEntry represents a single LDAP entry
677
 */
678
export interface LdapEntry {
679
    
680
    /**
681
    * DN contains distinguished name
682
    */
683
    
684
    DN?: string,
685
    
686
    /**
687
    * Attributes contains list of attributes
688
    */
689
    
690
    Attributes?: LdapAttributes,
691
}
692

693

694

695
/**
696
 * Metadata is the metadata for ldap server.
697
 * this is returned by CollectMetadata method
698
 */
699
export interface Metadata {
700
    
701
    BaseDN?: string,
702
    
703
    Domain?: string,
704
    
705
    DefaultNamingContext?: string,
706
    
707
    DomainFunctionality?: string,
708
    
709
    ForestFunctionality?: string,
710
    
711
    DomainControllerFunctionality?: string,
712
    
713
    DnsHostName?: string,
714
}
715

716

717

718
/**
719
 * SearchResult contains search result of any / all ldap search request
720
 * @example
721
 * ```javascript
722
 * const ldap = require('nuclei/ldap');
723
 * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
724
 * const results = client.Search('(objectinterface=*)', 'cn', 'mail');
725
 * ```
726
 */
727
export interface SearchResult {
728
    
729
    /**
730
    * Referrals contains list of referrals
731
    */
732
    
733
    Referrals?: string[],
734
    
735
    /**
736
    * Controls contains list of controls
737
    */
738
    
739
    Controls?: string[],
740
    
741
    /**
742
    * Entries contains list of entries
743
    */
744
    
745
    Entries?: LdapEntry[],
746
}
747

748

749
Product

Resources

Company
