Just posted some code (libraries and scripts) that allows Nmap to do LDAP queries. It’s available from the nmap-scripts page. The code consists of two libraries, asn1 and ldap, that do most of the work. The LDAP library supports the SearchRequest, BindRequest and UnbindRequest operations and therefore supports both unauthenticated and authenticated searches.
The functionality is still somewhat limited and the library has the following shortcomings in my opinion:
- At the moment it only supports simple bind.
- It lacks filter parsing support. That said, it supports filters, but they need to be supplied using tables rather than their textual representation as described in RFC 2254.
- SSL is currently not supported, mainly because I didn’t have an SSL-enabled LDAP server running.
- Some attributes returned by AD fail parsing and return a blob of hex characters.
- There’s an annoying GUI indentation bug that needs tending to.
Despite these shortcomings, I’m releasing a first version of the library and scripts. The scripts have undergone limited testing against both OpenLDAP and Active Directory.
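To illustrate the filter-parsing gap listed above, here is a small recursive-descent parser that turns an RFC 2254 filter string into nested Lua tables. It is an added example, not code from the ldap library; the field names (`op`, `attr`, `value`, `children`) and operator labels are assumptions chosen for illustration and are not the table layout the library expects.

```lua
-- Field names (op, attr, value, children) are assumptions for illustration,
-- not the table layout the ldap library expects.
local OPS = { ["&"] = "and", ["|"] = "or", ["!"] = "not" }
local CMP = { ["="] = "equalityMatch", [">="] = "greaterOrEqual",
              ["<="] = "lessOrEqual", ["~="] = "approxMatch" }

-- Decode RFC 2254 \XX hex escapes (e.g. \2a for a literal '*').
local function unescape(s)
  return (s:gsub("\\(%x%x)", function(h) return string.char(tonumber(h, 16)) end))
end

-- Parse one "(...)" filter starting at pos; returns node and next position.
local function parse_filter(str, pos)
  if str:sub(pos, pos) ~= "(" then error("expected '(' at position " .. pos) end
  local c, node = str:sub(pos + 1, pos + 1), nil
  if OPS[c] then
    -- Composite filter: one or more parenthesised sub-filters follow.
    node = { op = OPS[c], children = {} }
    pos = pos + 2
    while str:sub(pos, pos) == "(" do
      local child
      child, pos = parse_filter(str, pos)
      node.children[#node.children + 1] = child
    end
    if #node.children == 0 or (c == "!" and #node.children ~= 1) then
      error("wrong number of sub-filters for '" .. c .. "'")
    end
  else
    -- Simple item: attribute, comparison operator, value up to ')'.
    local attr, cmp, value, stop =
      str:match("^([%w%-%.;]+)([<>~]?=)([^%(%)]*)()", pos + 1)
    if not attr then error("bad filter item at position " .. (pos + 1)) end
    pos = stop
    if cmp == "=" and value == "*" then
      node = { op = "present", attr = attr }
    elseif cmp == "=" and value:find("*", 1, true) then
      node = { op = "substrings", attr = attr, value = value } -- raw pattern kept
    else
      node = { op = CMP[cmp], attr = attr, value = unescape(value) }
    end
  end
  if str:sub(pos, pos) ~= ")" then error("expected ')' at position " .. pos) end
  return node, pos + 1
end

-- Constructed sample filter, not taken from the scripts.
local f = parse_filter("(&(objectClass=user)(!(cn=test*))(mail=*))", 1)
print(f.op, #f.children, f.children[2].children[1].op, f.children[3].op)
```

Substring patterns are kept as the raw string rather than split into initial/any/final parts, and extensible-match filters are not handled.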