SPN发现 cmd¶ >setspn -T 域名 -Q */* Powershell¶ https://github.com/PyroTek3/PowerShell-AD-Recon Powerview >Get-NetComputer -SPN termsrv* >Get-NetUser -SPN >import module GetUserSPNs.ps1 Empire¶ >usemodule situational_awareness/network/get_spn
