diff --git a/README.md b/README.md index 2fb5248..1f50512 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,9 @@ ## Get SharpHound -The latest build of SharpHound will always be in the BloodHound repository [here](https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors) +The latest build of SharpHound will always be found [here](https://github.com/BloodHoundAD/SharpHound/releases). + +To determine the SharpHound version compatible with a deployed BloodHound CE instance, login to BloodHound CE's web UI and click on ⚙️ (Settings) → Download Collectors. Then, click either the "Download SharpHound" button in the user interface or use the displayed SharpHound version to download the appropriate [release binary](https://github.com/BloodHoundAD/SharpHound/releases). Alternatively, compile a SharpHound binary from the corresponding release commit. ## Compile Instructions @@ -26,8 +28,8 @@ dotnet restore . dotnet build ``` -# CLI - +# CLI Arguments +The listing below details the CLI arguments SharpHound supports. Additional details about these options can be found in the [BloodHound CE Collection documentation](https://support.bloodhoundenterprise.io/hc/en-us/articles/17481375424795-All-SharpHound-Community-Edition-Flags-Explained). ``` -c, --collectionmethods (Default: Default) Collection Methods: Container, Group, LocalGroup, GPOLocalGroup, Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, UserRights, CARegistry, DCRegistry, CertServices diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs index 10230ac..4e289ad 100644 --- a/src/Runtime/ObjectProcessors.cs +++ b/src/Runtime/ObjectProcessors.cs 
@@ -576,6 +576,7 @@ private async Task ProcessEnterpriseCA(IDirectoryObject entry, var cASecurityCollected = false; var enrollmentAgentRestrictionsCollected = false; var isUserSpecifiesSanEnabledCollected = false; + var roleSeparationEnabledCollected = false; var caName = entry.GetProperty(LDAPProperties.Name); var dnsHostName = entry.GetProperty(LDAPProperties.DNSHostName); if (caName != null && dnsHostName != null) { @@ -594,6 +595,7 @@ private async Task ProcessEnterpriseCA(IDirectoryObject entry, IsUserSpecifiesSanEnabled = _certAbuseProcessor.IsUserSpecifiesSanEnabled(dnsHostName, caName), EnrollmentAgentRestrictions = await _certAbuseProcessor.ProcessEAPermissions(caName, resolvedSearchResult.Domain, dnsHostName, ret.HostingComputer), + RoleSeparationEnabled = _certAbuseProcessor.RoleSeparationEnabled(dnsHostName, caName), // The CASecurity exist in the AD object DACL and in registry of the CA server. We prefer to use the values from registry as they are the ground truth. // If changes are made on the CA server, registry and the AD object is updated. If changes are made directly on the AD object, the CA server registry is not updated. @@ -604,12 +606,14 @@ private async Task ProcessEnterpriseCA(IDirectoryObject entry, cASecurityCollected = cARegistryData.CASecurity.Collected; enrollmentAgentRestrictionsCollected = cARegistryData.EnrollmentAgentRestrictions.Collected; isUserSpecifiesSanEnabledCollected = cARegistryData.IsUserSpecifiesSanEnabled.Collected; + roleSeparationEnabledCollected = cARegistryData.RoleSeparationEnabled.Collected; ret.CARegistryData = cARegistryData; } ret.Properties.Add("casecuritycollected", cASecurityCollected); ret.Properties.Add("enrollmentagentrestrictionscollected", enrollmentAgentRestrictionsCollected); ret.Properties.Add("isuserspecifiessanenabledcollected", isUserSpecifiesSanEnabledCollected); + ret.Properties.Add("roleseparationenabledcollected", roleSeparationEnabledCollected); } return ret;
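Review bot: The added `RoleSeparationEnabled = _certAbuseProcessor.RoleSeparationEnabled(dnsHostName, caName),` initializer in the second hunk is undocumented, while the two comment lines directly below it explain the registry-versus-AD choice for CASecurity only. Judging by the `cARegistryData` name this is presumably one more read against the CA host's registry. I would add `// Role separation setting as configured on the CA host; .Collected reports whether the read succeeded` above it, provided that matches the processor's contract. The object initializer and ProcessEnterpriseCA itself start and end outside this hunk.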
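Review bot: `roleseparationenabledcollected` in the third hunk is emitted as `false` when the `if (caName != null && dnsHostName != null)` branch appears to be skipped and, presumably, also when the read on the CA host fails, so downstream analysis has to treat `false` as "unknown" and never as "role separation is off". A comment above the `ret.Properties.Add(...)` group such as `// *collected == false means the value could not be read, not that the setting is disabled` would make that explicit. Separately, `cARegistryData.RoleSeparationEnabled.Collected` dereferences the processor result without a null check; the neighbouring lines do the same, so this only matters if the new method can return null, which is worth confirming against its implementation (not visible here). The initial `false` comes from the declaration added in the first hunk, and the enclosing method continues outside these hunks.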