dsexport
Created by Brendan Chamberlain (@infosecB)
Description
dsexport is a command-line utility designed to export records from the directory services database on a local host or from a connected LDAP service. The tool can be used to gather information about users, groups, and computers. The tool can also be used to export the directory services database to a file for offline analysis.
| Created | Tactics | Tags |
|---|---|---|
| 2023-05-23 | Reconnaissance Discovery | ldap users groups |
Paths
/usr/bin/dsexport
Use Cases
Export local host users
Export the local host user information to a file
dsexport local_users.txt /Local/Default dsRecTypeStandard:Users
Export local host groups
Export the local host group information to a file
dsexport local_groups.txt /Local/Default dsRecTypeStandard:Groups
Detections
- No detections at time of publishing