From d04467ad3b27c58a9a764214c99b79303ba18ae5 Mon Sep 17 00:00:00 2001
From: JonasBK
Date: Thu, 23 Apr 2026 15:02:26 +0200
Subject: [PATCH 1/2] collect or skip custom deny aces count
---
 .codex | 0
 README.md | 2 ++
 src/Options.cs | 3 +++
 src/PowerShell/Template.ps1 | 7 +++++++
 src/Runtime/ObjectProcessors.cs | 18 +++++++++---------
 src/Sharphound.cs | 5 +++--
 6 files changed, 24 insertions(+), 11 deletions(-)
 create mode 100644 .codex
diff --git a/.codex b/.codex
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
index fe61e32..864f3e9 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,8 @@ The listing below details the CLI arguments SharpHound supports. Additional deta
 --collectallproperties Collect all LDAP properties from objects
+ --skipdenyacescount Skip collecting custom deny ACE counts in LDAP object properties
+
 -l, --Loop Loop computer collection
 --loopduration Loop duration (hh:mm:ss - 05:00:00 is 5 hours, default: 2 hrs)
diff --git a/src/Options.cs b/src/Options.cs
index bdc84e2..98ed40b 100644
--- a/src/Options.cs
+++ b/src/Options.cs
@@ -139,6 +139,9 @@ public class Options
 [Option(HelpText = "Collect all LDAP properties from objects")]
 public bool CollectAllProperties { get; set; }
+
+ [Option(HelpText = "Skip collecting custom deny ACE counts in LDAP object properties")]
+ public bool SkipDenyAcesCount { get; set; }
 [Option(HelpText = "Split the main ldap query into smaller chunks to attempt to reduce server load")]
 public bool PartitionLdapQueries { get; set; }
diff --git a/src/PowerShell/Template.ps1 b/src/PowerShell/Template.ps1
index f19d7bb..6292b2e 100644
--- a/src/PowerShell/Template.ps1
+++ b/src/PowerShell/Template.ps1
@@ -184,6 +184,10 @@ .PARAMETER CollectAllProperties
 Collect all string LDAP properties on objects
+
+ .PARAMETER SkipDenyAcesCount
+
+ Skip collecting custom deny ACE counts in LDAP object properties
 .PARAMETER Loop 
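Review bot: The HelpText on the added `SkipDenyAcesCount` property in the Options.cs hunk says what is skipped but not that the count is collected by default or why an operator would turn it off, so `--help` gives no basis for the choice. Stating the default inline, e.g. `[Option(HelpText = "Skip collecting custom deny ACE counts in LDAP object properties (collected by default)")]`, and giving the motivation in the commit message would close that gap; nothing in the series says what the count costs or which property it feeds. The long name `--skipdenyacescount` is derived from the property name, as it is for `CollectAllProperties`, and matches the README line added in the same series. The `Options` class starts and ends outside the hunk.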
@@ -360,6 +364,9 @@ [Switch]
 $CollectAllProperties,
+ [Switch]
+ $SkipDenyAcesCount,
+
 [Switch]
 $Loop,
diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs
index 457ddbf..5d2f5e6 100644
--- a/src/Runtime/ObjectProcessors.cs
+++ b/src/Runtime/ObjectProcessors.cs
@@ -581,7 +581,7 @@ private async Task ProcessGPOObject(IDirectoryObject entry,
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps))
 {
- ret.Properties = ContextUtils.Merge(ret.Properties, LdapPropertyProcessor.ReadGPOProperties(entry));
+ ret.Properties = ContextUtils.Merge(ret.Properties, await _ldapPropertyProcessor.ReadGPOProperties(entry));
 if (_context.Flags.CollectAllProperties)
 {
 ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties);
@@ -611,7 +611,7 @@ private async Task ProcessOUObject(IDirectoryObject entry,
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps))
 {
- ret.Properties = ContextUtils.Merge(ret.Properties, LdapPropertyProcessor.ReadOUProperties(entry));
+ ret.Properties = ContextUtils.Merge(ret.Properties, await _ldapPropertyProcessor.ReadOUProperties(entry));
 if (_context.Flags.CollectAllProperties)
 {
 ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties);
@@ -662,7 +662,7 @@ private async Task ProcessContainerObject(IDirectoryObject entry,
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
 ret.Properties =
- ContextUtils.Merge(LdapPropertyProcessor.ReadContainerProperties(entry), ret.Properties);
+ ContextUtils.Merge(await _ldapPropertyProcessor.ReadContainerProperties(entry), ret.Properties);
 if (_context.Flags.CollectAllProperties)
 {
 ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); 
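Review bot: The `$SkipDenyAcesCount` switch is declared in this hunk but nothing in the patch forwards it to the collector: the diffstat credits Template.ps1 with 7 insertions, and the 4 lines of the `.PARAMETER` block plus the 3 lines here account for all of them. If the template builds the argument list for the embedded binary from its switches elsewhere in the file, as it presumably does for `$CollectAllProperties`, that list needs a matching `--skipdenyacescount` entry, otherwise the PowerShell switch is silently a no-op. The `param()` block this hunk sits in starts and ends outside the hunk.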
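Review bot: The `+` line in the ProcessGPOObject hunk awaits an instance method on `_ldapPropertyProcessor` where the old code called a static `LdapPropertyProcessor` member, and the same substitution is made in the ProcessOUObject, ProcessContainerObject, ProcessRootCA, ProcessAIACA, ProcessEnterpriseCA, ProcessNTAuthStore and ProcessCertTemplate hunks; no file in this series declares those async members or the `SkipDenyAcesCount` option they presumably honour, so the change only builds against a library version that already carries them. The diffstat shows no project or package reference change, so if that dependency is bumped elsewhere, naming it in the commit message would save the next reader the search. Each enclosing Process* method starts and ends outside its hunk.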
@@ -693,7 +693,7 @@ private async Task ProcessRootCA(IDirectoryObject entry, ResolvedSearchR
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
- var props = LdapPropertyProcessor.ReadRootCAProperties(entry);
+ var props = await _ldapPropertyProcessor.ReadRootCAProperties(entry);
 ret.Properties.Merge(props);
 }
@@ -724,7 +724,7 @@ private async Task ProcessAIACA(IDirectoryObject entry, ResolvedSearchRes
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
- var props = LdapPropertyProcessor.ReadAIACAProperties(entry);
+ var props = await _ldapPropertyProcessor.ReadAIACAProperties(entry);
 ret.Properties.Merge(props);
 }
@@ -754,7 +754,7 @@ private async Task ProcessEnterpriseCA(IDirectoryObject entry, Res
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
- var props = LdapPropertyProcessor.ReadEnterpriseCAProperties(entry);
+ var props = await _ldapPropertyProcessor.ReadEnterpriseCAProperties(entry);
 ret.Properties.Merge(props);
 // Enabled cert templates
@@ -871,7 +871,7 @@ private async Task ProcessNTAuthStore(IDirectoryObject entry,
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
- var props = LdapPropertyProcessor.ReadNTAuthStoreProperties(entry);
+ var props = await _ldapPropertyProcessor.ReadNTAuthStoreProperties(entry);
 if (entry.TryGetByteArrayProperty(LDAPProperties.CACertificate, out var rawCertificates))
 {
 var certificates = from rawCertificate in rawCertificates 
@@ -910,7 +910,7 @@ private async Task ProcessCertTemplate(IDirectoryObject entry,
 }
 if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices))
 {
- var certTemplatesProps = LdapPropertyProcessor.ReadCertTemplateProperties(entry);
+ var certTemplatesProps = await _ldapPropertyProcessor.ReadCertTemplateProperties(entry);
 ret.Properties.Merge(certTemplatesProps);
 }
@@ -956,4 +956,4 @@ private async Task ProcessIssuancePolicy(IDirectoryObject entry,
 return ret;
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/Sharphound.cs b/src/Sharphound.cs
index 1229650..f0cebd1 100644
--- a/src/Sharphound.cs
+++ b/src/Sharphound.cs
@@ -104,7 +104,8 @@ await options.WithParsedAsync(async options =>
 DisableSigning = options.DisableSigning,
 ForceSSL = options.ForceSecureLDAP,
 AuthType = AuthType.Negotiate,
- DisableCertVerification = options.DisableCertVerification
+ DisableCertVerification = options.DisableCertVerification,
+ SkipDenyAcesCount = options.SkipDenyAcesCount
 };
 if (options.DomainController != null) ldapOptions.Server = options.DomainController;
@@ -264,4 +265,4 @@ public static void InvokeSharpHound(string[] args)
 {
 }
 #endregion
-}
\ No newline at end of file
+}
From b2079f19fcd2e054a226d295dfa0e9a4e72e8071 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?= <12843299+JonasBK@users.noreply.github.com>
Date: Thu, 14 May 2026 20:41:23 +0200
Subject: [PATCH 2/2] Delete .codex
---
 .codex | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 .codex
diff --git a/.codex b/.codex
deleted file mode 100644
index e69de29..0000000
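Review bot: In the Sharphound.cs hunk `SkipDenyAcesCount` is assigned into `ldapOptions` beside connection settings (`DisableSigning`, `ForceSSL`, `AuthType`, `DisableCertVerification`), while the sibling collection toggle `CollectAllProperties` is read from `_context.Flags` in ObjectProcessors.cs; a switch that changes what is collected living in the LDAP connection options is easy to overlook when tracing behaviour. If the library's options type requires it there, a one-line comment on the new line such as `// consumed by the LDAP property processor when it reads object properties, not a connection setting` would explain the placement. The object initializer and the surrounding `WithParsedAsync` lambda start and end outside the hunk.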