https://github.com/m8sec/ActiveReign
ActiveReign, code name AR3, is a network enumeration and attack toolset designed for use on Windows Active Directory environments. It makes use of built-in Windows components to make enumerating large environments easier, all while keeping stealth in mind.
AR3 relies on the famous Impacket library and builds on the brilliant concepts found in CrackMapExec. Throughout building this tool there have been many intended and unintended contributors
$ activereign enum -u administrator -p Password123 --local-auth -M test_execution 192.168.1.1
[*] Enum Authentication \administrator (Password: P****) (Hash: False)
[+] DC01 192.168.1.1 ENUM Windows Server 2008 R2 Standard 7601 Service Pack 1 (Domain: DEMO) (Signing: True) (SMBv1: True) (Adm!n)
[*] DC01 192.168.1.1 TEST_EXECUTION Testing execution methods
[*] DC01 192.168.1.1 TEST_EXECUTION Execution Method: WMIEXEC Fileless: SUCCESS Remote (Default): SUCCESS
[*] DC01 192.168.1.1 TEST_EXECUTION Execution Method: SMBEXEC Fileless: SUCCESS Remote (Default): SUCCESS
[*] DC01 192.168.1.1 TEST_EXECUTION Execution Method: ATEXEC Fileless: SUCCESS Remote (Default): SUCCESS
[*] DC01 192.168.1.1 TEST_EXECUTION Execution Method: WINRM Fileless: N/A Remote (Default): SUCCESS