Added -ldap-port flag in the find action

README.md

@@ -116,6 +116,11 @@ authentication options:
   -sspi                 Use Windows Integrated Authentication (SSPI)
   -aes hex key          AES key to use for Kerberos Authentication (128 or 256 bits)
   -no-pass              Don't ask for password (useful for -k and -sspi)
+
+ldap options:
+  -ldap-channel-binding
+                        Use LDAP channel binding for LDAP communication (LDAPS only)
+  -ldap-port LDAP_PORT  Choose LDAP port
 ```
 
 The output can come in various formats. By default, Certipy will output the enumeration results as text, JSON, and BloodHound data.

certipy/commands/parsers/target.py

@@ -103,4 +103,10 @@ def add_argument_group(
         "-ldap-channel-binding",
         action="store_true",
         help="Use LDAP channel binding for LDAP communication (LDAPS only)",
-    )
+    )
+    group.add_argument(
+        "-ldap-port",
+        action="store",
+        required=False,
+        help="Choose LDAP port",
+    )

certipy/lib/ldap.py

@@ -52,9 +52,15 @@ def __init__(self, target: Target, scheme: str = "ldaps"):
         self.target = target
         self.scheme = scheme
         if self.scheme == "ldap":
-            self.port = 389
+            if target.ldap_port is not None:
+                self.port = int(target.ldap_port)
+            else:
+                self.port = 389
         elif self.scheme == "ldaps":
-            self.port = 636
+            if target.ldap_port is not None:
+                self.port = int(target.ldap_port)
+            else:
+                self.port = 636
 
         self.default_path: str = None
         self.configuration_path: str = None
@@ -105,7 +111,7 @@ def connect(self, version: ssl._SSLMethod = None) -> None:
                     connect_timeout=self.target.timeout,
                 )
 
-            logging.debug("Authenticating to LDAP server")
+            logging.debug("Authenticating to LDAP server on port %s", self.port)
 
             if self.target.do_kerberos or self.target.use_sspi:
                 ldap_conn = ldap3.Connection(
@@ -145,7 +151,10 @@ def connect(self, version: ssl._SSLMethod = None) -> None:
                         "Trying to connect over LDAPS instead..."
                     )
                     self.scheme = "ldaps"
-                    self.port = 636
+                    if self.target.ldap_port is not None:
+                        self.port = int(self.target.ldap_port)
+                    else:
+                        self.port = 636
                     return self.connect()
                 else:
                     if result["description"] == "invalidCredentials" and result["message"].split(":")[0] == "80090346":

certipy/lib/target.py

@@ -159,6 +159,7 @@ def __init__(self):
         self.timeout: int = 5
         self.resolver: Resolver = None
         self.ldap_channel_binding = None
+        self.ldap_port: int = 0
 
     @staticmethod
     def from_options(
@@ -255,6 +256,9 @@ def from_options(
             else:
                 raise Exception("Could not find a target in the specified options")
 
+        if options.ldap_port is not None:
+            ldap_port = options.ldap_port
+
         self.domain = domain
         self.username = username
         self.password = password
@@ -269,6 +273,7 @@ def from_options(
         self.dc_host = dc_host
         self.timeout = options.timeout
         self.ldap_channel_binding = options.ldap_channel_binding
+        self.ldap_port = ldap_port
 
         if dc_as_target and options.dc_ip is None and is_ip(remote_name):
             self.dc_ip = remote_name
@@ -307,6 +312,7 @@ def create(
         dns_tcp: bool = False,
         timeout: int = 5,
         ldap_channel_binding: bool = False,
+        ldap_port: int = 0,
     ) -> "Target":
 
         self = Target()
@@ -366,6 +372,7 @@ def create(
         self.dc_ip = dc_ip
         self.timeout = timeout
         self.ldap_channel_binding = ldap_channel_binding
+        self.ldap_port = ldap_port
 
         if ns is None:
             ns = dc_ip