integrated enum_trusts

termanix · termanix · commit c87d0c206b96 · 2025-05-07T15:06:44.000-04:00
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -815,6 +815,26 @@ def resolve_and_display_hostname(name, domain_name=None):
                     trust_flat_name = trust["flatName"]
                     trust_direction = int(trust["trustDirection"])
                     trust_type = int(trust["trustType"])
+                    trust_attributes = trust["trustAttributes"]
+                    
+                    trust_attribute_flags = {
+                        0x1:    "Non-Transitive",
+                        0x2:    "Uplevel-Only",
+                        0x4:    "Quarantined Domain",
+                        0x8:    "Forest Transitive",
+                        0x10:   "Cross Organization",
+                        0x20:   "Within Forest",
+                        0x40:   "Treat as External",
+                        0x80:   "Uses RC4 Encryption",
+                        0x100:  "Cross Organization No TGT Delegation",
+                        0x2000: "PAM Trust"
+                    }
+
+                    # For check if multiple posibble flags, like Uplevel-Only, Treat as External
+                    trust_attributes_text = ", ".join([
+                        text for flag, text in trust_attribute_flags.items()
+                        if int(trust_attributes) & flag
+                    ]) or "Other"  # If Trust attrs not known
 
                     # Convert trust direction/type to human-readable format
                     direction_text = {
@@ -833,7 +853,7 @@ def resolve_and_display_hostname(name, domain_name=None):
                     }[trust_type]
 
                     self.logger.info(f"Processing trusted domain: {trust_name} ({trust_flat_name})")
-                    self.logger.info(f"Trust type: {trust_type_text}, Direction: {direction_text}")
+                    self.logger.info(f"Trust type: {trust_type_text}, Direction: {direction_text}, Trust Attributes: {trust_attributes_text}")
 
                 except Exception as e:
                     self.logger.fail(f"Failed {e} in trust entry: {trust}")
@@ -849,6 +869,7 @@ def resolve_and_display_hostname(name, domain_name=None):
                         for srv in srv_records:
                             dc_hostname = str(srv.target).rstrip(".")
                             self.logger.highlight(f"Found DC in trusted domain: {colored(dc_hostname, host_info_colors[0])}")
+                            self.logger.highlight(f"{trust_name} -> {direction_text} -> {trust_attributes_text}")
                             resolve_and_display_hostname(dc_hostname)
                     except Exception as e:
                         self.logger.fail(f"Failed to resolve DCs for {trust_name} via DNS: {e}")
