MAELSTROM STATUS · STABLE PYTHON 3.8+
REPO SECURITY MIT
Real-Fruit-Snacks  //  AD enumeration  //  stable release

MAELSTROM.

modules
35+ queries
protocols
SMB · WinRM
tests
parallel spin
stack
Python 3.8+
01 Premise

Pull everything in range into the vortex — chaotic, powerful, thorough.

Maelstrom is a NetExec wrapper that sweeps through AD environments with 35+ enumeration queries spinning in parallel. Multi-target scanning with actionable recommendations for Windows domains.

Transform scattered enumeration into structured intelligence with prioritized findings and clear remediation guidance.

02 Specs

What's in the box.

MODULES
35+ NetExec modules — shares, users, groups, policies, certificates, registry, services
PROTOCOLS
SMB · WinRM · LDAP with automatic authentication and session management
TARGETS
Multi-target scanning — CIDR ranges, target files, domain controller discovery
OUTPUT
Structured results — JSON export, HTML reports, terminal tables with color coding
TESTS
Parallel execution — all 35+ queries spin simultaneously for maximum throughput
STACK
Python wrapper · NetExec backend · Rich TUI · multi-threading · result aggregation
03 Quickstart

Authenticate, enumerate, analyze, report.

Maelstrom orchestrates NetExec modules for comprehensive Active Directory enumeration.

# Install from PyPI
$ pip install maelstrom

# Single target with credentials
$ maelstrom --target 10.10.10.10 --username admin --password Password123

# Domain sweep with domain credentials
$ maelstrom --targets domain_controllers.txt --domain CONTOSO --username bob --password Winter2024

# Full enumeration with hash authentication
$ maelstrom --cidr 10.10.10.0/24 --username administrator --hash aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c
04 Reference

Module categories and options.

Complete reference for NetExec module orchestration and AD enumeration workflows.

TARGETING

--target <ip>Single target host
--targets <file>Target list file (one IP per line)
--cidr <range>CIDR range (e.g., 10.10.10.0/24)
--domain <name>Domain name for authentication context

AUTHENTICATION

--username <user>Username for authentication
--password <pass>Password authentication
--hash <lm:ntlm>Pass-the-hash authentication
--kerberosUse Kerberos authentication

MODULES

--modules <list>Specific modules: shares,users,groups,gpp,certificates
--all-modulesRun all 35+ available enumeration modules
--list-modulesShow all available NetExec modules
--exclude <list>Skip specific modules

OUTPUT

--output-dir <path>Report output directory
--format <type>Output format: table, json, html, csv
--verboseShow detailed NetExec output
--recommendationsInclude actionable security recommendations
05 Architecture

Orchestrator with parallel execution.

Python wrapper around NetExec that manages authentication, coordinates module execution across multiple targets, and aggregates results with security recommendations.

maelstrom/
core/          // NetExec wrapper · auth management
modules/       // 35+ enumeration module configs
├── shares.py  // SMB share enumeration
├── users.py   // domain user discovery
├── certs.py   // certificate services audit
└── gpp.py     // Group Policy Preferences
executor.py    // parallel coordination
reporting.py   // result aggregation · recommendations
06 Authorization

Authorized AD assessments only.

Maelstrom is designed for legitimate Active Directory security assessments with proper authorization. The comprehensive enumeration generates significant logs — ensure proper scope and permissions.

Security issues should be reported through private security advisories.

All enumeration runs through standard SMB/WinRM protocols with provided credentials.

→ GET STARTED

Sweep the domain
with parallel enumeration.

Open repo