-
-
Notifications
You must be signed in to change notification settings - Fork 120
02 ‐ Target Selection
The-Viper-One edited this page Oct 14, 2025
·
5 revisions
Target acquisition in PsMapExec is handled through the ADSI Searcher mechanism. As long as the tool is executed from a domain-joined machine under a valid domain user context, it should reliably enumerate targets from Active Directory.
By default, only enabled computer objects in Active Directory are included in the target list.
Note: PsMapExec also supports targeting multiple domains at once.
PsMapExec [Method] -Targets [Targets] -Domain [Domain]The -Targets parameter supports several input types, as demonstrated below:
# Enumerates all workstations, servers, and domain controllers from the domain
PsMapExec SMB -Targets All -Domain sevenkingdoms.local
# Enumerates only servers from the domain (DCs excluded)
PsMapExec SMB -Targets Servers -Domain sevenkingdoms.local
# Enumerates only domain controllers from the specified domains
PsMapExec SMB -Targets DCs -Domain "sevenkingdoms.local, essos.local"
# Enumerates only workstations from the domain over WMI
PsMapExec WMI -Targets Workstations -Domain sevenkingdoms.local
# Specifies a particular computer by FQDN
PsMapExec WMI -Targets redkeep.sevenkingdoms.local -Domain sevenkingdoms.local
# Uses a wildcard pattern to match hostnames using WinRM
PsMapExec WinRM -Targets SRV0* -Domain sevenkingdoms.local
# Loads a list of targets from a file
PsMapExec SMB -Targets "C:\Targets.txt" -Domain sevenkingdoms.local
# Specifies a single IP address as a target
PsMapExec WMI -Targets 192.168.56.11 -Domain essos.local
# Specifies a range of IPs using CIDR notation
PsMapExec SMB -Targets 192.168.56.0/24 -Domain essos.local
# Mix CIDR and hostname target across multiple domains
PsMapExec WMI -Targets "192.168.56.0/28, BRAAVOS" -Domain "sevenkingdoms.local, essos.local"