# dcFinder dcFinder is basic python script that detects domain controllers in forest enviroinment using scapy module and DNS SRV records. In addition to detect hostname of domain controller, you can find Primary DC that is included in a specific site. Query types: site, primarydc, globalcatalogdc, nonglobalcatalogdc, kerberos ``` SRV Records: _ldap._tcp.._sites.dc. _ldap._tcp.pdc._msdcs. _ldap._tcp.gc._msdcs. _ldap._tcp.dc._msdcs. _kerberos._tcp.dc._msdcs. ``` #### Usage: ``` ​Use globalcatalogdc option to detect DCs in the Forest. Example : python3 dcFinder.py --lookup --domain offensive.local --query globalcatalogdc Use nonglobalcatalogdc option to check if there are Domain Controller(s) non-global catalog or not. Example : python3 dcFinder.py --lookup --domain offensive.local --query nonglobalcatalogdc Use site option to detect DC in the site. Example : python3 dcFinder.py --lookup --domain offensive.local --query site --sitename gotham Use kerberos option, if you have issue with ldap srv query for finding domain controller. Example : python3 dcFinder.py --lookup --domain offensive.local --query kerberos ``` ![](/files/-MQBeRUQtERM78CmZxvq) {% embed url="" %} 
# Author: Metin Yunus Kandemir
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.unsafe-inline.com/inline/dcfinder.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.