https://goshs.de/en/usage/collaboration/ldap/index.html How to use goshs as an LDAP server goshs can act as a rogue LDAP server. Any client that connects and authenticates — whether it sends a plaintext DN/password bind, a SASL PLAIN credential, or an NTLM handshake — will have those credentials captured and displayed in real time in the goshs web UI. This is useful for: Coercing Windows clients or services into authenticating against your server (e.g., via relay or misconfiguration) Exploiting Log4Shell (CVE-2021-44228) and similar JNDI injection vulnerabilities Capturing LDAP bind credentials from misconfigured applications and appliances Hugo en-US