Releases: srkyn/relic
Releases · srkyn/relic
relic v0.1.0
relic v0.1.0
Initial public release.
What It Finds
- Stale computer accounts — machines that have not authenticated since the threshold. Silently offline machines still receive group policy and appear in security groups.
-
- Dormant user accounts — users who have not logged in within the threshold. Includes service accounts identified by
servicePrincipalName.
- Dormant user accounts — users who have not logged in within the threshold. Includes service accounts identified by
-
- Disabled accounts with group memberships — most immediately actionable: account is disabled but memberships are still live, closing a re-enablement path.
-
- Accounts with non-expiring passwords —
DONT_EXPIRE_PASSWORDinuserAccountControl, escalates to HIGH when account is also stale.
- Accounts with non-expiring passwords —
-
- Service accounts with aging passwords — SPNs with
pwdLastSetolder than the threshold are flagged as Kerberoasting exposure.
- Service accounts with aging passwords — SPNs with
Risk Levels
| Condition | Severity |
|---|---|
| Disabled account still holds group memberships | HIGH |
| Service account (SPN), password unchanged >365 days | HIGH |
| Computer account inactive >365 days | HIGH |
| Non-expiring password + inactive >180 days | HIGH |
| Stale user or computer account | MEDIUM |
| Non-expiring password (active account) | MEDIUM |
| Disabled account, no group memberships | MEDIUM |
| Service account password unchanged >90 days | MEDIUM |
Installation
git clone https://github.com/srkyn/relic.git
cd relic && pip install .
rl --version
Usage
rl -s dc01.corp.local --domain corp.local
rl -s dc01.corp.local --domain corp.local -F --dry-run
Validation
- 48 unit tests pass.
-
- CI passes on Python 3.8 and 3.12.