https://github.com/NetSPI/goddi
Goddi (go dump domain info) dumps Active Directory domain information.
ADReaper performs enumeration through various commands, each of which runs the corresponding LDAP queries.
PS D:goddi> .\goddi.exe
  -dc string
        DC to connect to, use IP or full hostname ex. -dc="dc.test.local"
  -domain string
        domain ex. -domain="test.local"
  -password string
        password to connect with ex. -password="testpass!"
  -startTLS
        Use for StartTLS on 389. Default is TLS on 636
  -unsafe
        Use for testing and plaintext connection
  -username string
        username to connect with ex. -username="testuser"
StartTLS and TLS (tls.Client func) connections are supported. Connections over TLS are the default. All output goes to CSV files, which are created in /csv/ in the current working directory. Dumps: