# LDAP Enum

#### All NMAP NSE scripts

```
for i in $(ls -la /usr/share/nmap/scripts/ldap* |cut -d "/" -f6); do nmap -p 389 --script $i 10.10.10.10; done
```

#### LDAP Search

```
nmap --script=ldap-search 10.10.10.10
```

#### LDAP Connect

```
ldapsearch -H ldap://10.10.10.10 -u username
```

#### LDAP DC namingcontexts

```
ldapsearch -x -h 10.10.10.10 -p 389 -s base namingcontexts
```

#### LDAP further enum

```
ldapsearch -x -h 10.10.10.10 -p 389 -b “dc=name,dc=net”
```