Home
Nebulous Active Directory (or NebulousAD) is a tool built to audit user passwords in Active Directory. At NuID, we dedicate a lot of effort to understanding weaknesses in authentication, and Project Nebulous is part of our research in this area. Starting in 2009 as a personal project, we began collecting every publicly posted data breach we could get our hands on. We then made this data easily searchable so that we could take a proactive approach to password breaches, and stop credential stuffing attacks and targeted password reuse before they impacted our network.
We open-sourced and released NebulousAD at B-Sides Las Vegas in 2019 so that the entire industry can take advantage of one of the tools we've used to harden enterprise networks. Designed to be easy to set up and easy to use, we hope this tool will be invaluable for systems administrators who are not savvy about how to manually audit the credentials within their Active Directory domains.
Privacy is always a concern, which is why we have taken several measures to limit or prevent our API from being abused by anyone, including us. You can read more about this by clicking "About K-Anonymity" in the Quicklinks section.
The most basic usage to dump and check hashes:
nebulousAD -v -snap --check
This will snapshot your domain and check the hashes against NuID's API.
To check and audit your hashes yourself offline without using NuID's API, you can dump the hashes to either JSON or CSV format:
nebulousAD -v -snap -csv C:\audit_output.csv
Then you can check the dumped hashes with your own scripts against your own database of hashes, such as Troy Hunt's Pwned Passwords list of NTLM hashes.
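The offline check described above, as an added example that is not part of NebulousAD itself. It assumes the CSV dump has `username` and `nthash` columns (adjust `parse_dump` if the real column names differ) and that the breach list uses the `<NTHASH>:<count>` line format of the Pwned Passwords NTLM download. Beyond a plain lookup, it also computes NT hashes for a local candidate wordlist, flags blank passwords, and reports the same hash held by several accounts (password reuse). All sample data is constructed for the example; MD4 is implemented in pure Python because `hashlib.new("md4")` is frequently unavailable under OpenSSL 3.

```python
"""Offline audit of a NebulousAD-style NT hash dump against a local breach list.

Added example, not NebulousAD's own code. Assumptions: the CSV dump has
'username' and 'nthash' columns; the breach list is '<NTHASH>:<count>' per line.
"""
import csv
import io
import struct
from collections import defaultdict
from typing import Dict, Iterable

EMPTY_NT_HASH = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty password


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); avoids relying on hashlib's optional 'md4'."""
    mask = 0xFFFFFFFF
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rotl = lambda v, n: ((v << n) | (v >> (32 - n))) & mask
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)          # pad to 56 mod 64
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)  # bit length
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1: rotate the register names each step
            a, b, c, d = d, rotl((a + f(b, c, d) + x[i]) & mask, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            a, b, c, d = d, rotl((a + g(b, c, d) + x[r2[i]] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            a, b, c, d = d, rotl((a + h(b, c, d) + x[r3[i]] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4]), b, c
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash = MD4 over the UTF-16LE encoding of the password, upper-case hex."""
    return md4(password.encode("utf-16-le")).hex().upper()


def parse_dump(csv_text: str) -> Dict[str, str]:
    """username -> NT hash. Column names are an assumption about the dump format."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["username"]: row["nthash"].strip().upper() for row in reader}


def match_breach_list(lines: Iterable[str], wanted: set) -> Dict[str, int]:
    """Stream a '<NTHASH>:<count>' list and keep only hashes we hold.
    Streaming keeps memory flat on the multi-GB Pwned Passwords NTLM file."""
    hits = {}
    for line in lines:
        h, _, count = line.strip().partition(":")
        if h and h.upper() in wanted:
            hits[h.upper()] = int(count) if count.isdigit() else 0
    return hits


def audit(dump_text: str, breach_lines: Iterable[str], wordlist: Iterable[str]) -> dict:
    by_hash = defaultdict(list)
    for user, h in parse_dump(dump_text).items():
        by_hash[h].append(user)
    breached = match_breach_list(breach_lines, set(by_hash))
    guessed = {}
    for pw in wordlist:  # candidate passwords hashed locally, never sent anywhere
        h = nt_hash(pw)
        if h in by_hash:
            guessed[h] = pw
    return {
        "breached": {u: breached[h] for h, us in by_hash.items() if h in breached for u in us},
        "guessed": {u: guessed[h] for h, us in by_hash.items() if h in guessed for u in us},
        "empty": sorted(by_hash.get(EMPTY_NT_HASH, [])),
        "shared": {h: sorted(us) for h, us in by_hash.items() if len(us) > 1},
    }


# Constructed sample data for the example; not from any real domain.
SAMPLE_DUMP = """username,nthash
alice,8846F7EAEE8FB117AD06BDD830B7586C
bob,64F12CDDAA88057E06A81B54E73B949B
carol,64F12CDDAA88057E06A81B54E73B949B
dave,E19CCF75EE54E06B06A5907AF13CEF42
svc_backup,31D6CFE0D16AE931B73C59D7E0C089C0
erin,0123456789ABCDEF0123456789ABCDEF
"""
SAMPLE_BREACH_LIST = """31D6CFE0D16AE931B73C59D7E0C089C0:1000
64F12CDDAA88057E06A81B54E73B949B:2000
8846F7EAEE8FB117AD06BDD830B7586C:3000
"""
SAMPLE_WORDLIST = ["Welcome1", "P@ssw0rd", "Summer2019!"]


def run_sample() -> dict:
    return audit(SAMPLE_DUMP, SAMPLE_BREACH_LIST.splitlines(), SAMPLE_WORDLIST)


if __name__ == "__main__":
    for section, findings in run_sample().items():
        print(f"{section}: {findings}")
```

For a real run, replace the sample constants with the CSV written by `-csv` and an open file handle over the downloaded NTLM list; because the list is read line by line, it never has to fit in memory. Treat the dump itself as a credential store: it holds every account's NT hash, so keep it on an encrypted volume and delete it when the audit is finished.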