ACLight is a tool designed for discovering privileged accounts through advanced Access Control Lists (ACLs) analysis in Active Directory environments. The following steps provide a basic guide on how to use ACLight.
Installation
1. Download ACLight:
Clone or download the ACLight repository from GitHub.
2. Navigate to the ACLight2 Directory:
Open a PowerShell window and navigate to the ACLight2 main folder.
3. Import the Module:
Run the following command to import the ACLight2 module:
4. Start ACLs Analysis:
Run the following command to start the ACLs analysis:
5. Choose the Target Domain (Optional):
By default, ACLight automatically scans all domains in the scanned network forest. If you're interested in scanning a specific domain, use the Domain parameter:
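Steps 2 to 5 as a single PowerShell script, followed by a check that the report files were written. This is an added example, not code from this page or from the ACLight project. The module file name `ACLight2.psm1` and the command name `Start-ACLsAnalysis` follow the ACLight2 repository and should be checked against your copy; the install path and the sample domain are assumptions.

```powershell
# Added example (not part of ACLight). Assumed values are marked.
[CmdletBinding()]
param(
    # Assumption: folder where the ACLight2 main folder was unpacked.
    [string]$AclightRoot = 'C:\Tools\ACLight\ACLight2',
    # Optional: limit the scan to one domain, e.g. 'corp.example' (constructed name).
    [string]$Domain
)

$ErrorActionPreference = 'Stop'

# Step 2: work from the ACLight2 main folder.
Set-Location -Path $AclightRoot

# Step 3: import the module (file name as in the ACLight2 repository).
Import-Module (Join-Path $AclightRoot 'ACLight2.psm1') -Force

# Steps 4-5: scan every domain in the forest, or only the one passed in -Domain.
$started = Get-Date
if ($Domain) { Start-ACLsAnalysis -Domain $Domain } else { Start-ACLsAnalysis }

# Locate the report files written by this run. Matching on the name prefix and
# write time avoids hard-coding the output folder or picking up an older scan.
$reports = Get-ChildItem -Path $AclightRoot -Recurse -File |
    Where-Object { $_.Name -like 'Privileged Accounts*' -and $_.LastWriteTime -ge $started }
if (-not $reports) {
    throw "No ACLight report files newer than $started found under $AclightRoot"
}
$reports | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

# The irregular-accounts report lists accounts holding ACL permissions directly
# rather than through group membership, so it is the first one to review.
$irregular = $reports |
    Where-Object { $_.Name -like '*Irregular Accounts*.csv' } |
    Select-Object -First 1
if ($irregular) {
    $rows = @(Import-Csv -LiteralPath $irregular.FullName)
    "{0} rows in '{1}'" -f $rows.Count, $irregular.Name
    if ($rows.Count -gt 0) {
        # Print the column names from the file itself instead of assuming them.
        'Columns: ' + ($rows[0].PSObject.Properties.Name -join ', ')
        $rows | Select-Object -First 10 | Format-Table -AutoSize
    }
}
```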
Results
The tool generates several result files:
"Privileged Accounts - Layers Analysis.txt":
Executive summary listing the most privileged accounts discovered in the scanned network.
"Privileged Accounts Permissions - Final Report.csv":
Final summary report detailing the exact sensitive permissions each account has.
"Privileged Accounts Permissions - Irregular Accounts.csv":
Similar to the final report, focusing on privileged accounts with direct assignment of ACL permissions (not through group membership).
Additional Information
- ACLight2 offers improved scan architecture, scalability, and performance.
- A recursive scan forms the foundation of the tool's multi-layered privileged accounts analysis.
- You may launch the programme by double-clicking "Execute-ACLight.bat" or by following the PowerShell instructions that come with it.