Fast multi-threaded SAMR RID enumeration tool written in Python using Impacket.
This tool performs user enumeration over the SAMR RPC interface without relying on the rpcclient binary.
- Null session support
- Multi-threaded RID enumeration
- No dependency on Samba tools
- Pure Python implementation
- Compatible with Linux and Windows
- Hexadecimal or decimal RID display
- Output file support
git clone https://github.com/sty-nathan/samr-rid-enum.git
cd samr-rid-enumpip install -r requirements.txtOr manually:
pip install impacketpython3 samr_rid_enum.py 192.168.1.10python3 samr_rid_enum.py 192.168.1.10 --start 500 --end 3000python3 samr_rid_enum.py 192.168.1.10 -u administrator -p password123python3 samr_rid_enum.py 192.168.1.10 -t 50python3 samr_rid_enum.py 192.168.1.10 --output users.txt[*] Target : 192.168.1.10:445
[*] RID range: 500 – 1100
[*] Threads : 10
User Name : Administrator
user_rid : 0x1f4
group_rid : 0x220
User Name : Guest
user_rid : 0x1f5
group_rid : 0x220
| Argument | Description |
|---|---|
host |
Target IP or hostname |
--start |
Starting RID |
--end |
Ending RID |
-u |
SMB username |
-p |
SMB password |
-d |
Domain/workgroup |
-t |
Number of threads |
--decimal |
Show RIDs in decimal |
--output |
Save results to file |
Traditional RID enumeration commonly relies on:
rpcclient -N -U "" targetThis project removes the dependency on Samba utilities and directly interacts with the SAMR RPC interface using Impacket.
Useful for:
- Internal pentests
- Active Directory enumeration
- Red team operations
- Lab environments
- Windows RPC research
- Python 3.9+
- Impacket
This tool is intended for authorized security testing and educational purposes only.
The author is not responsible for misuse or damage caused by this project.
MIT License