npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/dist/services/audit/detectors/ad/accounts.detector.js ADDED Viewed

@@ -0,0 +1,881 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSensitiveDelegation = detectSensitiveDelegation;
+exports.detectDisabledAccountInAdminGroup = detectDisabledAccountInAdminGroup;
+exports.detectExpiredAccountInAdminGroup = detectExpiredAccountInAdminGroup;
+exports.detectSidHistory = detectSidHistory;
+exports.detectNotInProtectedUsers = detectNotInProtectedUsers;
+exports.detectDomainAdminInDescription = detectDomainAdminInDescription;
+exports.detectBackupOperatorsMember = detectBackupOperatorsMember;
+exports.detectAccountOperatorsMember = detectAccountOperatorsMember;
+exports.detectServerOperatorsMember = detectServerOperatorsMember;
+exports.detectPrintOperatorsMember = detectPrintOperatorsMember;
+exports.detectInactive365Days = detectInactive365Days;
+exports.detectStaleAccount = detectStaleAccount;
+exports.detectNeverLoggedOn = detectNeverLoggedOn;
+exports.detectAccountExpireSoon = detectAccountExpireSoon;
+exports.detectAdminLogonCountLow = detectAdminLogonCountLow;
+exports.detectTestAccount = detectTestAccount;
+exports.detectSharedAccount = detectSharedAccount;
+exports.detectSmartcardNotRequired = detectSmartcardNotRequired;
+exports.detectPrimaryGroupIdSpoofing = detectPrimaryGroupIdSpoofing;
+exports.detectServiceAccountWithSpn = detectServiceAccountWithSpn;
+exports.detectServiceAccountNaming = detectServiceAccountNaming;
+exports.detectServiceAccountOldPassword = detectServiceAccountOldPassword;
+exports.detectServiceAccountPrivileged = detectServiceAccountPrivileged;
+exports.detectServiceAccountNoPreauth = detectServiceAccountNoPreauth;
+exports.detectServiceAccountWeakEncryption = detectServiceAccountWeakEncryption;
+exports.detectAdminCountOrphaned = detectAdminCountOrphaned;
+exports.detectPrivilegedAccountSpn = detectPrivilegedAccountSpn;
+exports.detectAdminNoSmartcard = detectAdminNoSmartcard;
+exports.detectServiceAccountInteractive = detectServiceAccountInteractive;
+exports.detectServiceAccountVulnerabilities = detectServiceAccountVulnerabilities;
+exports.detectReplicaDirectoryChanges = detectReplicaDirectoryChanges;
+exports.detectDangerousBuiltinMembership = detectDangerousBuiltinMembership;
+exports.detectLockedAccountAdmin = detectLockedAccountAdmin;
+exports.detectAccountsVulnerabilities = detectAccountsVulnerabilities;
+const entity_converter_1 = require("../../../../utils/entity-converter");
+function detectSensitiveDelegation(users, includeDetails) {
+    const privilegedGroups = [
+        'Domain Admins',
+        'Enterprise Admins',
+        'Schema Admins',
+        'Administrators',
+    ];
+    const affected = users.filter((u) => {
+        if (!u.userAccountControl || !u.memberOf)
+            return false;
+        const hasUnconstrainedDeleg = (u.userAccountControl & 0x80000) !== 0;
+        const isPrivileged = u.memberOf.some((dn) => privilegedGroups.some((group) => dn.includes(`CN=${group}`)));
+        return hasUnconstrainedDeleg && isPrivileged;
+    });
+    return {
+        type: 'SENSITIVE_DELEGATION',
+        severity: 'critical',
+        category: 'accounts',
+        title: 'Sensitive Account with Delegation',
+        description: 'Privileged accounts (Domain/Enterprise Admins) with unconstrained delegation. Extreme security risk.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectDisabledAccountInAdminGroup(users, includeDetails) {
+    const adminGroups = ['Domain Admins', 'Enterprise Admins', 'Schema Admins'];
+    const affected = users.filter((u) => {
+        if (!u.userAccountControl || !u.memberOf)
+            return false;
+        const isDisabled = (u.userAccountControl & 0x2) !== 0;
+        const isInAdminGroup = u.memberOf.some((dn) => adminGroups.some((group) => dn.includes(`CN=${group}`)));
+        return isDisabled && isInAdminGroup;
+    });
+    return {
+        type: 'DISABLED_ACCOUNT_IN_ADMIN_GROUP',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Disabled Account in Admin Group',
+        description: 'Disabled user accounts still present in privileged groups. Should be removed immediately.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectExpiredAccountInAdminGroup(users, includeDetails) {
+    const adminGroups = ['Domain Admins', 'Enterprise Admins', 'Schema Admins'];
+    const now = Date.now();
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        const accountExpires = u['accountExpires'];
+        const isExpired = accountExpires && accountExpires.getTime() < now;
+        const isInAdminGroup = u.memberOf.some((dn) => adminGroups.some((group) => dn.includes(`CN=${group}`)));
+        return isExpired && isInAdminGroup;
+    });
+    return {
+        type: 'EXPIRED_ACCOUNT_IN_ADMIN_GROUP',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Expired Account in Admin Group',
+        description: 'Expired user accounts still present in privileged groups. Should be removed immediately.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectSidHistory(users, includeDetails) {
+    const affected = users.filter((u) => {
+        const userObj = u;
+        const sidHistory = userObj['sIDHistory'] ??
+            userObj['sidhistory'] ??
+            userObj['SIDHistory'] ??
+            userObj['sidHistory'];
+        if (!sidHistory)
+            return false;
+        if (Array.isArray(sidHistory)) {
+            return sidHistory.length > 0;
+        }
+        return !!sidHistory;
+    });
+    return {
+        type: 'SID_HISTORY',
+        severity: 'high',
+        category: 'accounts',
+        title: 'SID History Present',
+        description: 'User accounts with sIDHistory attribute. Can be abused for privilege escalation.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectNotInProtectedUsers(users, includeDetails) {
+    const privilegedGroups = ['Domain Admins', 'Enterprise Admins', 'Schema Admins'];
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        const isPrivileged = u.memberOf.some((dn) => privilegedGroups.some((group) => dn.includes(`CN=${group}`)));
+        const isInProtectedUsers = u.memberOf.some((dn) => dn.includes('CN=Protected Users'));
+        return isPrivileged && !isInProtectedUsers;
+    });
+    return {
+        type: 'NOT_IN_PROTECTED_USERS',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Not in Protected Users Group',
+        description: 'Privileged accounts not in Protected Users group. Missing additional security protections.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectDomainAdminInDescription(users, includeDetails) {
+    const sensitiveKeywords = [
+        /domain\s*admin/i,
+        /enterprise\s*admin/i,
+        /administrator/i,
+        /admin\s*account/i,
+        /privileged/i,
+    ];
+    const affected = users.filter((u) => {
+        const description = (0, entity_converter_1.ldapAttrToString)(u['description']);
+        if (!description)
+            return false;
+        return sensitiveKeywords.some((pattern) => pattern.test(description));
+    });
+    return {
+        type: 'DOMAIN_ADMIN_IN_DESCRIPTION',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Sensitive Terms in Description',
+        description: 'User accounts with admin/privileged keywords in description field. Information disclosure.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectBackupOperatorsMember(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => dn.includes('CN=Backup Operators'));
+    });
+    return {
+        type: 'BACKUP_OPERATORS_MEMBER',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Backup Operators Member',
+        description: 'Users in Backup Operators group. Can backup/restore files and bypass ACLs.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectAccountOperatorsMember(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => dn.includes('CN=Account Operators'));
+    });
+    return {
+        type: 'ACCOUNT_OPERATORS_MEMBER',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Account Operators Member',
+        description: 'Users in Account Operators group. Can create/modify user accounts.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectServerOperatorsMember(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => dn.includes('CN=Server Operators'));
+    });
+    return {
+        type: 'SERVER_OPERATORS_MEMBER',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Server Operators Member',
+        description: 'Users in Server Operators group. Can manage domain controllers.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectPrintOperatorsMember(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => dn.includes('CN=Print Operators'));
+    });
+    return {
+        type: 'PRINT_OPERATORS_MEMBER',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Print Operators Member',
+        description: 'Users in Print Operators group. Can load drivers and manage printers on DCs.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectInactive365Days(users, includeDetails) {
+    const now = Date.now();
+    const oneYearAgo = now - 365 * 24 * 60 * 60 * 1000;
+    const affected = users.filter((u) => {
+        if (!u.lastLogon)
+            return false;
+        return u.lastLogon.getTime() < oneYearAgo;
+    });
+    return {
+        type: 'INACTIVE_365_DAYS',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Inactive 365+ Days',
+        description: 'User accounts inactive for 365+ days. Should be disabled or deleted.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectStaleAccount(users, includeDetails) {
+    const now = Date.now();
+    const sixMonthsAgo = now - 180 * 24 * 60 * 60 * 1000;
+    const affected = users.filter((u) => {
+        if (!u.enabled)
+            return false;
+        if (!u.lastLogon)
+            return false;
+        const lastLogonTime = u.lastLogon instanceof Date ? u.lastLogon.getTime() : new Date(u.lastLogon).getTime();
+        if (isNaN(lastLogonTime))
+            return false;
+        return lastLogonTime < sixMonthsAgo;
+    });
+    return {
+        type: 'STALE_ACCOUNT',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Stale Account (180+ Days)',
+        description: 'Enabled user accounts inactive for 180+ days. Stale accounts increase attack surface and should be reviewed.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectNeverLoggedOn(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.enabled)
+            return false;
+        return !u.lastLogon;
+    });
+    return {
+        type: 'NEVER_LOGGED_ON',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Never Logged On',
+        description: 'Enabled user accounts that have never logged into the domain. May indicate orphaned accounts, provisioning issues, or unused accounts that should be disabled.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function filetimeToDate(filetime) {
+    if (!filetime)
+        return null;
+    const ft = typeof filetime === 'string' ? BigInt(filetime) : BigInt(filetime);
+    if (ft === BigInt(0) || ft === BigInt('9223372036854775807'))
+        return null;
+    const ms = Number(ft / BigInt(10000)) - 11644473600000;
+    return new Date(ms);
+}
+function detectAccountExpireSoon(users, includeDetails) {
+    const now = Date.now();
+    const thirtyDaysFromNow = now + 30 * 24 * 60 * 60 * 1000;
+    const affected = users.filter((u) => {
+        if (!u.enabled)
+            return false;
+        const expiresDate = filetimeToDate(u.accountExpires);
+        if (!expiresDate)
+            return false;
+        return expiresDate.getTime() > now && expiresDate.getTime() <= thirtyDaysFromNow;
+    });
+    return {
+        type: 'ACCOUNT_EXPIRE_SOON',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Account Expiring Soon',
+        description: 'User accounts set to expire within the next 30 days. Review if these expirations are intentional or if accounts need to be extended.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectAdminLogonCountLow(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.enabled)
+            return false;
+        if (u.adminCount !== 1)
+            return false;
+        const logonCount = u['logonCount'];
+        return logonCount !== undefined && logonCount < 5;
+    });
+    return {
+        type: 'ADMIN_LOGON_COUNT_LOW',
+        severity: 'low',
+        category: 'accounts',
+        title: 'Admin Account with Low Logon Count',
+        description: 'Administrative accounts (adminCount=1) with fewer than 5 logons. May indicate unused privileged accounts that should be reviewed or disabled.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectTestAccount(users, includeDetails) {
+    const testPatterns = [/^test/i, /test$/i, /_test/i, /\.test/i, /^demo/i, /^temp/i];
+    const affected = users.filter((u) => {
+        return testPatterns.some((pattern) => pattern.test(u.sAMAccountName));
+    });
+    return {
+        type: 'TEST_ACCOUNT',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Test Account',
+        description: 'User accounts with test/demo/temp naming. Should be removed from production.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectSharedAccount(users, includeDetails) {
+    const sharedPatterns = [/^shared/i, /^common/i, /^generic/i, /^service/i, /^svc/i];
+    const affected = users.filter((u) => {
+        return sharedPatterns.some((pattern) => pattern.test(u.sAMAccountName));
+    });
+    return {
+        type: 'SHARED_ACCOUNT',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Shared Account',
+        description: 'User accounts with shared/generic naming. Prevents proper accountability.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectSmartcardNotRequired(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!u.enabled)
+            return false;
+        if (!u.adminCount || u.adminCount !== 1)
+            return false;
+        const uac = u.userAccountControl || 0;
+        return (uac & 0x40000) === 0;
+    });
+    return {
+        type: 'SMARTCARD_NOT_REQUIRED',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Smartcard Not Required',
+        description: 'Privileged accounts (adminCount=1) without smartcard requirement. ' +
+            'High-value accounts should require strong authentication.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectPrimaryGroupIdSpoofing(users, includeDetails) {
+    const affected = users.filter((u) => {
+        const primaryGroupId = u.primaryGroupID;
+        if (!primaryGroupId)
+            return false;
+        return primaryGroupId !== 513;
+    });
+    return {
+        type: 'PRIMARYGROUPID_SPOOFING',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'primaryGroupID Spoofing',
+        description: 'User accounts with non-standard primaryGroupID. Can be used to hide group membership.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+const SERVICE_ACCOUNT_PATTERNS = [
+    /^svc[_-]/i,
+    /[_-]svc$/i,
+    /^service[_-]/i,
+    /[_-]service$/i,
+    /^sa[_-]/i,
+    /[_-]sa$/i,
+    /^app[_-]/i,
+    /^sql[_-]/i,
+    /^iis[_-]/i,
+    /^web[_-]/i,
+    /^batch[_-]/i,
+    /^task[_-]/i,
+    /^job[_-]/i,
+    /^daemon[_-]/i,
+    /^agent[_-]/i,
+];
+function getServicePrincipalNames(user) {
+    const spn = user['servicePrincipalName'];
+    if (!spn)
+        return [];
+    if (Array.isArray(spn))
+        return spn;
+    return [spn];
+}
+function isServiceAccount(user) {
+    const spns = getServicePrincipalNames(user);
+    if (spns.length > 0) {
+        return true;
+    }
+    return SERVICE_ACCOUNT_PATTERNS.some((pattern) => pattern.test(user.sAMAccountName));
+}
+function detectServiceAccountWithSpn(users, includeDetails) {
+    const affected = users.filter((u) => {
+        const spns = getServicePrincipalNames(u);
+        if (spns.length === 0)
+            return false;
+        if (u.userAccountControl && (u.userAccountControl & 0x2) !== 0)
+            return false;
+        return true;
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_WITH_SPN',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Service Account with SPN (Kerberoasting Target)',
+        description: 'User accounts with Service Principal Name configured. These accounts are targets for Kerberoasting attacks where attackers request TGS tickets and crack them offline.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Use gMSA (Group Managed Service Accounts) instead. For existing accounts, ensure strong passwords (25+ chars) and regular rotation.',
+                spnCount: affected.reduce((sum, u) => sum + getServicePrincipalNames(u).length, 0),
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountNaming(users, includeDetails) {
+    const affected = users.filter((u) => {
+        const spns = getServicePrincipalNames(u);
+        if (spns.length > 0)
+            return false;
+        if (u.userAccountControl && (u.userAccountControl & 0x2) !== 0)
+            return false;
+        return SERVICE_ACCOUNT_PATTERNS.some((pattern) => pattern.test(u.sAMAccountName));
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_NAMING',
+        severity: 'low',
+        category: 'accounts',
+        title: 'Service Account by Naming Convention',
+        description: 'User accounts matching service account naming patterns (svc_, _svc, service, etc.) without SPN. Review if these are actual service accounts.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+    };
+}
+function detectServiceAccountOldPassword(users, includeDetails) {
+    const now = Date.now();
+    const oneYearAgo = now - 365 * 24 * 60 * 60 * 1000;
+    const affected = users.filter((u) => {
+        if (!isServiceAccount(u))
+            return false;
+        if (u.userAccountControl && (u.userAccountControl & 0x2) !== 0)
+            return false;
+        if (!u.passwordLastSet)
+            return true;
+        return u.passwordLastSet.getTime() < oneYearAgo;
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_OLD_PASSWORD',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Service Account with Old Password',
+        description: 'Service accounts with passwords not changed in over 1 year. These accounts are high-value targets and passwords should be rotated regularly.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Rotate service account passwords every 90 days or migrate to gMSA for automatic password management.',
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountPrivileged(users, includeDetails) {
+    const privilegedGroups = [
+        'Domain Admins',
+        'Enterprise Admins',
+        'Schema Admins',
+        'Administrators',
+        'Backup Operators',
+        'Account Operators',
+        'Server Operators',
+    ];
+    const affected = users.filter((u) => {
+        if (!isServiceAccount(u))
+            return false;
+        if (u.userAccountControl && (u.userAccountControl & 0x2) !== 0)
+            return false;
+        if (!u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => privilegedGroups.some((group) => dn.includes(`CN=${group}`)));
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_PRIVILEGED',
+        severity: 'critical',
+        category: 'accounts',
+        title: 'Service Account in Privileged Group',
+        description: 'Service accounts with membership in privileged groups (Domain Admins, etc.). If compromised, attackers gain full domain control.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Remove service accounts from privileged groups. Grant only the minimum permissions needed for the service to function.',
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountNoPreauth(users, includeDetails) {
+    const DONT_REQUIRE_PREAUTH = 0x400000;
+    const affected = users.filter((u) => {
+        if (!isServiceAccount(u))
+            return false;
+        if (!u.userAccountControl)
+            return false;
+        if ((u.userAccountControl & 0x2) !== 0)
+            return false;
+        return (u.userAccountControl & DONT_REQUIRE_PREAUTH) !== 0;
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_NO_PREAUTH',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Service Account Without Pre-Authentication (AS-REP Roasting)',
+        description: 'Service accounts with "Do not require Kerberos pre-authentication" enabled. Attackers can request AS-REP tickets and crack them offline.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Enable Kerberos pre-authentication for all service accounts.',
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountWeakEncryption(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (!isServiceAccount(u))
+            return false;
+        if (u.userAccountControl && (u.userAccountControl & 0x2) !== 0)
+            return false;
+        const encTypes = u['msDS-SupportedEncryptionTypes'];
+        if (!encTypes)
+            return false;
+        const encTypesNum = typeof encTypes === 'string' ? parseInt(encTypes, 10) : encTypes;
+        const hasOnlyWeak = (encTypesNum & 0x7) !== 0 && (encTypesNum & 0x18) === 0;
+        return hasOnlyWeak;
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_WEAK_ENCRYPTION',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Service Account Using Weak Kerberos Encryption',
+        description: 'Service accounts configured to use only weak Kerberos encryption (DES/RC4) without AES. Makes offline cracking easier.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Enable AES128 and AES256 encryption for all service accounts.',
+            }
+            : undefined,
+    };
+}
+function detectAdminCountOrphaned(users, includeDetails) {
+    const adminGroups = [
+        'Domain Admins',
+        'Enterprise Admins',
+        'Schema Admins',
+        'Administrators',
+        'Account Operators',
+        'Server Operators',
+        'Backup Operators',
+        'Print Operators',
+    ];
+    const affected = users.filter((u) => {
+        if (u.adminCount !== 1)
+            return false;
+        const memberOf = u['memberOf'];
+        if (!memberOf || memberOf.length === 0)
+            return true;
+        const isInAdminGroup = memberOf.some((dn) => adminGroups.some((group) => dn.toLowerCase().includes(`cn=${group.toLowerCase()}`)));
+        return !isInAdminGroup;
+    });
+    return {
+        type: 'ADMIN_COUNT_ORPHANED',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Orphaned AdminCount Flag',
+        description: 'Accounts with adminCount=1 but not in any privileged group. This may indicate removed admins that still have residual privileges or SDProp protection.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Review these accounts. If no longer admins, clear adminCount flag and reset ACLs to allow proper inheritance.',
+                impact: 'Accounts may still have protected ACLs preventing proper management.',
+            }
+            : undefined,
+    };
+}
+function detectPrivilegedAccountSpn(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (u.adminCount !== 1)
+            return false;
+        if (!u.enabled)
+            return false;
+        const spn = u['servicePrincipalName'];
+        const hasSPN = spn && Array.isArray(spn) && spn.length > 0;
+        return hasSPN;
+    });
+    return {
+        type: 'PRIVILEGED_ACCOUNT_SPN',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Privileged Account with SPN',
+        description: 'Privileged accounts (adminCount=1) have Service Principal Names configured. These accounts are vulnerable to Kerberoasting attacks.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                attackVector: 'Request TGS ticket → Offline crack password → Full admin access',
+                recommendation: 'Remove SPNs from admin accounts. Use dedicated service accounts (preferably gMSA) for services.',
+                criticalRisk: 'Compromising these accounts grants immediate Domain Admin or equivalent access.',
+            }
+            : undefined,
+    };
+}
+function detectAdminNoSmartcard(users, includeDetails) {
+    const affected = users.filter((u) => {
+        if (u.adminCount !== 1)
+            return false;
+        if (!u.enabled)
+            return false;
+        const smartcardRequired = u.userAccountControl ? (u.userAccountControl & 0x40000) !== 0 : false;
+        return !smartcardRequired;
+    });
+    return {
+        type: 'ADMIN_NO_SMARTCARD',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Admin Account Without Smartcard Requirement',
+        description: 'Privileged accounts can authenticate with passwords instead of smartcards. Passwords are more vulnerable to theft and phishing.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Enable "Smart card is required for interactive logon" for all admin accounts.',
+                benefits: [
+                    'Eliminates password-based attacks (phishing, credential theft)',
+                    'Provides two-factor authentication',
+                    'Reduces risk of credential replay attacks',
+                ],
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountInteractive(users, includeDetails) {
+    const affected = users.filter((u) => {
+        const spn = u['servicePrincipalName'];
+        const hasSPN = spn && Array.isArray(spn) && spn.length > 0;
+        const servicePatterns = [/^svc[_-]/i, /^sa[_-]/i, /service/i, /^sql/i, /^iis/i, /^app/i];
+        const matchesPattern = servicePatterns.some((p) => p.test(u.sAMAccountName || ''));
+        if (!hasSPN && !matchesPattern)
+            return false;
+        if (!u.enabled)
+            return false;
+        const lastLogonStr = u.lastLogon;
+        if (lastLogonStr) {
+            const lastLogon = new Date(lastLogonStr);
+            const daysSinceLogon = (Date.now() - lastLogon.getTime()) / (1000 * 60 * 60 * 24);
+            if (daysSinceLogon < 30) {
+                return true;
+            }
+        }
+        const pwdNeverExpires = u.userAccountControl ? (u.userAccountControl & 0x10000) !== 0 : false;
+        const notDelegated = u.userAccountControl ? (u.userAccountControl & 0x100000) !== 0 : false;
+        return pwdNeverExpires && !notDelegated;
+    });
+    return {
+        type: 'SERVICE_ACCOUNT_INTERACTIVE',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Service Account with Interactive Logon',
+        description: 'Service accounts appear to allow or use interactive logon. Service accounts should be restricted to service-only authentication.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: affected.length > 0
+            ? {
+                recommendation: 'Apply "Deny log on locally" and "Deny log on through Remote Desktop Services" rights. Use gMSA where possible.',
+                risks: [
+                    'Interactive sessions leave credentials in memory (mimikatz target)',
+                    'Increases attack surface for credential theft',
+                    'May indicate misuse of service accounts',
+                ],
+            }
+            : undefined,
+    };
+}
+function detectServiceAccountVulnerabilities(users, includeDetails) {
+    return [
+        detectServiceAccountWithSpn(users, includeDetails),
+        detectServiceAccountNaming(users, includeDetails),
+        detectServiceAccountOldPassword(users, includeDetails),
+        detectServiceAccountPrivileged(users, includeDetails),
+        detectServiceAccountNoPreauth(users, includeDetails),
+        detectServiceAccountWeakEncryption(users, includeDetails),
+    ].filter((finding) => finding.count > 0);
+}
+function detectReplicaDirectoryChanges(users, includeDetails) {
+    const replicationGroups = [
+        'Domain Controllers',
+        'Enterprise Domain Controllers',
+        'Administrators',
+        'Domain Admins',
+        'Enterprise Admins',
+    ];
+    const affected = users.filter((u) => {
+        if (!u.enabled || !u.memberOf)
+            return false;
+        const rawDesc = u['description'];
+        const description = typeof rawDesc === 'string' ? rawDesc : (Array.isArray(rawDesc) ? rawDesc[0] : '') || '';
+        const hasReplicationHint = description.toLowerCase().includes('replication') ||
+            description.toLowerCase().includes('dcsync') ||
+            description.toLowerCase().includes('directory sync');
+        const isServiceLike = /^(svc|service|sync|repl)/i.test(u.sAMAccountName);
+        const hasAdminCount = u.adminCount === 1;
+        const isInReplicationGroup = u.memberOf.some((dn) => replicationGroups.some((g) => dn.toLowerCase().includes(g.toLowerCase())));
+        return hasReplicationHint || (isServiceLike && hasAdminCount && !isInReplicationGroup);
+    });
+    return {
+        type: 'REPLICA_DIRECTORY_CHANGES',
+        severity: 'critical',
+        category: 'accounts',
+        title: 'Potential Directory Replication Rights',
+        description: 'Accounts that may have directory replication rights (DCSync capability). ' +
+            'These accounts can extract all password hashes from the domain.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: {
+            recommendation: 'Review ACLs on domain head for DS-Replication-Get-Changes rights. Only Domain Controllers should have this permission.',
+        },
+    };
+}
+function detectDangerousBuiltinMembership(users, includeDetails) {
+    const dangerousGroups = [
+        'Cert Publishers',
+        'RAS and IAS Servers',
+        'Windows Authorization Access Group',
+        'Terminal Server License Servers',
+        'Incoming Forest Trust Builders',
+        'Performance Log Users',
+        'Performance Monitor Users',
+        'Distributed COM Users',
+        'Remote Desktop Users',
+        'Network Configuration Operators',
+        'Cryptographic Operators',
+        'Event Log Readers',
+        'Hyper-V Administrators',
+        'Access Control Assistance Operators',
+        'Remote Management Users',
+    ];
+    const affected = users.filter((u) => {
+        if (!u.enabled || !u.memberOf)
+            return false;
+        return u.memberOf.some((dn) => dangerousGroups.some((g) => dn.toLowerCase().includes(g.toLowerCase())));
+    });
+    return {
+        type: 'DANGEROUS_BUILTIN_MEMBERSHIP',
+        severity: 'medium',
+        category: 'accounts',
+        title: 'Dangerous Built-in Group Membership',
+        description: 'User accounts with membership in overlooked but dangerous built-in groups. ' +
+            'These groups grant elevated privileges that may allow privilege escalation.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: {
+            dangerousGroups: dangerousGroups,
+        },
+    };
+}
+function detectLockedAccountAdmin(users, includeDetails) {
+    const adminGroups = [
+        'Domain Admins',
+        'Enterprise Admins',
+        'Schema Admins',
+        'Administrators',
+        'Account Operators',
+        'Server Operators',
+        'Backup Operators',
+    ];
+    const affected = users.filter((u) => {
+        if (!u.memberOf)
+            return false;
+        const isLocked = (u.lockoutTime && u.lockoutTime !== '0' && u.lockoutTime !== 0) ||
+            (u.userAccountControl && (u.userAccountControl & 0x10) !== 0);
+        const isAdmin = u.memberOf.some((dn) => adminGroups.some((g) => dn.toLowerCase().includes(g.toLowerCase())));
+        return isLocked && isAdmin;
+    });
+    return {
+        type: 'LOCKED_ACCOUNT_ADMIN',
+        severity: 'high',
+        category: 'accounts',
+        title: 'Locked Administrative Account',
+        description: 'Administrative accounts that are currently locked out. ' +
+            'May indicate password spray attacks or compromised credential attempts.',
+        count: affected.length,
+        affectedEntities: includeDetails ? (0, entity_converter_1.toAffectedUserEntities)(affected) : undefined,
+        details: {
+            recommendation: 'Investigate why these admin accounts are locked. Check security logs for failed authentication attempts.',
+        },
+    };
+}
+function detectAccountsVulnerabilities(users, includeDetails) {
+    return [
+        detectSensitiveDelegation(users, includeDetails),
+        detectDisabledAccountInAdminGroup(users, includeDetails),
+        detectExpiredAccountInAdminGroup(users, includeDetails),
+        detectSidHistory(users, includeDetails),
+        detectNotInProtectedUsers(users, includeDetails),
+        detectDomainAdminInDescription(users, includeDetails),
+        detectBackupOperatorsMember(users, includeDetails),
+        detectAccountOperatorsMember(users, includeDetails),
+        detectServerOperatorsMember(users, includeDetails),
+        detectPrintOperatorsMember(users, includeDetails),
+        detectStaleAccount(users, includeDetails),
+        detectInactive365Days(users, includeDetails),
+        detectNeverLoggedOn(users, includeDetails),
+        detectAccountExpireSoon(users, includeDetails),
+        detectAdminLogonCountLow(users, includeDetails),
+        detectTestAccount(users, includeDetails),
+        detectSharedAccount(users, includeDetails),
+        detectSmartcardNotRequired(users, includeDetails),
+        detectPrimaryGroupIdSpoofing(users, includeDetails),
+        detectServiceAccountWithSpn(users, includeDetails),
+        detectServiceAccountNaming(users, includeDetails),
+        detectServiceAccountOldPassword(users, includeDetails),
+        detectServiceAccountPrivileged(users, includeDetails),
+        detectServiceAccountNoPreauth(users, includeDetails),
+        detectServiceAccountWeakEncryption(users, includeDetails),
+        detectAdminCountOrphaned(users, includeDetails),
+        detectPrivilegedAccountSpn(users, includeDetails),
+        detectAdminNoSmartcard(users, includeDetails),
+        detectServiceAccountInteractive(users, includeDetails),
+        detectReplicaDirectoryChanges(users, includeDetails),
+        detectDangerousBuiltinMembership(users, includeDetails),
+        detectLockedAccountAdmin(users, includeDetails),
+    ].filter((finding) => finding.count > 0);
+}
+//# sourceMappingURL=accounts.detector.js.map