Metadata-Version: 2.1
Name: ntdsdotsqlite
Version: 1.1.7
Summary: A small utility to get an SQLite  database from an NTDS.DIT file.
Home-page: https://github.com/almandin/ntdsdotsqlite
License: Beerware
Author: Virgile Jarry
Author-email: virgile@mailbox.org
Requires-Python: >=3.9,<4.0
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Requires-Dist: dissect[ese] (>=3.5,<4.0)
Requires-Dist: impacket (>=0.10,<0.11)
Requires-Dist: pycryptodomex (>=3.18.0,<4.0.0)
Requires-Dist: tqdm (>=4.65.0,<5.0.0)
Project-URL: Documentation, https://github.com/almandin/ntdsdotsqlite/README.md
Project-URL: Repository, https://github.com/almandin/ntdsdotsqlite
Description-Content-Type: text/markdown

# NTDS.Sqlite

This software can be used either directly as a CLI utility or as a library to get an SQLite database from an NTDS.DIT one. Encrypted bits can be decrypted if the associated system hive is provided altogether.

# Installation

`python -m pip install ntdsdotsqlite`

# Usage

`ntdsdotsqlite NTDS.DIT --system SYSTEM -o NTDS.sqlite`

```
usage: NTDS.sqlite [-h] [--system SYSTEM] -o OUTFILE NTDS

This tool helps dumping NTDS.DIT file to an SQLite database

positional arguments:
  NTDS                  The NTDS.DIT file

optional arguments:
  -h, --help            show this help message and exit
  --system SYSTEM       The SYSTEM hive to decrypt hashes. If not provided, hashes will be encrypted inside the sqlite database.
  -o OUTFILE, --outfile OUTFILE
                        The sqlite database. Example : NTDS.sqlite
```

# SQL model

The SQL model is described in the `sql_model.md` file in this repository. Basicaly, not all objects are extracted (at all), but the following are retrieved as of today : domain object, user accounts, machine accounts, groups, organizational units and containers. I thought these would be the most useful. If you need more object classes to be extracted or additional attributes, feel free to open an issue or a pull request !

# Performances

Performances can be a bit low for huge NTDS files. The whole NTDS is not stored in memory to prevent memory exhaustion when working on huge files (NTDS databases can grow to several gigabytes).

