
A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
<a href="https://github.com/TheManticoreProject/DescribeNTSecurityDescriptor/actions/workflows/release.yaml" title="Build"><img alt="Build and Release" src="https://github.com/TheManticoreProject/DescribeNTSecurityDescriptor/actions/workflows/release.yaml/badge.svg"></a>
<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/TheManticoreProject/DescribeNTSecurityDescriptor">
<img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/TheManticoreProject/DescribeNTSecurityDescriptor">
--summaryACCESS_ALLOWED_ACEACCESS_ALLOWED_OBJECT_ACEACCESS_DENIED_ACEACCESS_DENIED_OBJECT_ACEACCESS_ALLOWED_CALLBACK_ACEACCESS_DENIED_CALLBACK_ACEACCESS_ALLOWED_CALLBACK_OBJECT_ACEACCESS_DENIED_CALLBACK_OBJECT_ACESYSTEM_AUDIT_ACESYSTEM_AUDIT_OBJECT_ACESYSTEM_AUDIT_CALLBACK_ACESYSTEM_MANDATORY_LABEL_ACESYSTEM_AUDIT_CALLBACK_OBJECT_ACESYSTEM_RESOURCE_ATTRIBUTE_ACESYSTEM_SCOPED_POLICY_ID_ACE$ ./DescribeNTSecurityDescriptor -h
DescribeNTSecurityDescriptor - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.3.0
Usage: DescribeNTSecurityDescriptor [--debug] [--domain <string>] [--username <string>] [--password <string>] [--hashes <string>] [--dc-ip <string>] [--port <tcp port>] [--use-ldaps] [--distinguished-name <string>] [--file-hex <string>] [--file-base64 <string>] [--file-raw <string>] [--value-hex <string>] [--value-base64 <string>]
-d, --debug Debug mode. (default: false)
Authentication:
-d, --domain <string> Active Directory domain to authenticate to. (default: "")
-u, --username <string> User to authenticate as. (default: "")
-p, --password <string> Password to authenticate with. (default: "")
-H, --hashes <string> NT/LM hashes, format is LMhash:NThash. (default: "")
LDAP Connection Settings:
-dc, --dc-ip <string> IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter. (default: "")
-P, --port <tcp port> Port number to connect to LDAP server. (default: 389)
-l, --use-ldaps Use LDAPS instead of LDAP. (default: false)
Source Values:
-D, --distinguished-name <string> Distinguished Name. (default: "")
-fh, --file-hex <string> Path to file containing the hexadecimal string value of NTSecurityDescriptor. (default: "")
-fb, --file-base64 <string> Path to file containing the base64 encoded value of NTSecurityDescriptor. (default: "")
-fr, --file-raw <string> Path to file containing the raw binary value of NTSecurityDescriptor. (default: "")
-vh, --value-hex <string> Raw hexadecimal string value of NTSecurityDescriptor. (default: "")
-vb, --value-base64 <string> Raw base64 encoded value of NTSecurityDescriptor. (default: "")
--distinguished-name./DescribeNTSecurityDescriptor --debug --username "Administrator" --domain "LAB.local" --password "Admin123!" --dc-ip "10.0.0.201" --distinguished-name "CN=Administrator,CN=Users,DC=LAB,DC=local"

--value-hex./DescribeNTSecurityDescriptor --username "Administrator" --domain "LAB.local" --password "Admin123!" --dc-ip "10.0.0.201" --debug --value-hex "0100149ccc000000e800000014000000a000000004008c00030000000240140020000c00010100000000000100000000075a38002000000003000000be3b0ef3f09fd111b6030000f80367c1a57a96bfe60dd011a28500aa003049e2010100000000000100000000075a38002000000003000000bf3b0ef3f09fd111b6030000f80367c1a57a96bfe60dd011a28500aa003049e201010000000000010000000002002c000100000000002400ff010f0001050000000000051500000028bb82279261b9fe2474aa5d0002000001050000000000051500000028bb82279261b9fe2474aa5d0002000001050000000000051500000028bb82279261b9fe20"

To build the project, use the following Docker command in this directory:
docker run -v $(pwd):/workspace/ podalirius/build-go-project
Or, if you want to build it manually, you can use the following commands:
GOOS=linux GOARCH=amd64; mkdir -p "/workspace/bin/linux/${GOOS}/${GOARCH}/" && /usr/local/go/bin/go build -o "/workspace/bin/linux/${GOOS}/${GOARCH}/DescribeNTSecurityDescriptor" -buildvcs=false
Pull requests are welcome. Feel free to open an issue if you want to add other features.
$ claude mcp add DescribeNTSecurityDescriptor \
-- python -m otcore.mcp_server <graph>