Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt

Use this file to discover all available pages before exploring further.

PywerView brings the power of PowerSploit’s PowerView to Linux, letting pentesters enumerate Active Directory environments without needing a domain-joined Windows machine. Built on impacket and ldap3, it supports NTLM, Kerberos, and certificate-based (SChannel) authentication against domain controllers and individual hosts.

Installation

Install PywerView via pip or Docker, with optional Kerberos support

Quickstart

Run your first AD enumeration command in minutes

Authentication

NTLM, Kerberos, SChannel, and TLS connection options

Command Reference

Full reference for all 37 enumeration and hunting commands

What PywerView Does

PywerView exposes two categories of commands:
  • LDAP commands — query a domain controller for users, groups, computers, GPOs, OUs, trusts, PKI, and service accounts
  • RPC/SMB commands — query individual hosts for active sessions, shares, logged-on users, local groups, running processes, and event logs
All commands support JSON output (--json) for easy integration into pipelines and other tooling.

User & Group Enumeration

Query users, groups, group memberships, and admin accounts

Computer & Domain Recon

Enumerate computers, DCs, OUs, sites, subnets, and domain trusts

GPO Analysis

Map GPOs to computers and users to find privilege escalation paths

Network & Shares

Discover shares, sessions, logged-on users, and local admins

User Hunting

Find where specific domain users are currently logged in

PKI Enumeration

Enumerate certificate authorities and vulnerable certificate templates

Quick Example

# List all domain computers
pywerview get-netcomputer -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com

# Find where Domain Admins are logged in
pywerview invoke-userhunter -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com --groupname "Domain Admins"
PywerView requires Python 3.6+ and network access to your target domain controller. The domain name must be specified in UPN format (e.g., contoso.com), not the legacy Win2k format (CONTOSO).

Guides

Run with Docker

Use the official Docker image for isolated, dependency-free execution

Use as a Python Library

Import PywerView modules directly into your Python scripts

Kerberos Authentication

Authenticate with Kerberos tickets from a ccache credential file

Output Formats

Parse JSON output and integrate with other security tools

Build docs developers (and LLMs) love

Get started for freeTalk to us