diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f3be1d7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,59 @@
+*~
+TODO
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..94a9ed0
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 0000000..64ad321
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1 @@
+include README.md LICENSE
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e9ed445
--- /dev/null
+++ b/README.md
@@ -0,0 +1,204 @@
+# PywerView
+      ____                        __     ___
+     |  _ \ _   ___      _____ _ _\ \   / (_) _____      __
+     | |_) | | | \ \ /\ / / _ \ '__\ \ / /| |/ _ \ \ /\ / /
+     |  __/| |_| |\ V  V /  __/ |   \ V / | |  __/\ V  V /
+     |_|    \__, | \_/\_/ \___|_|    \_/  |_|\___| \_/\_/
+            |___/
+
+A (partial) Python rewriting of [PowerSploit](https://github.com/PowerShellMafia/PowerSploit)'s
+[PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon).
+
+Fork me on [GitHub](https://github.com/the-useless-one/pywerview).
+
+![License](https://img.shields.io/github/license/the-useless-one/pywerview.svg?maxAge=2592000)
+![Python versions](https://img.shields.io/pypi/pyversions/pywerview.svg?maxAge=2592000)
+[![GitHub release](https://img.shields.io/github/release/the-useless-one/pywerview.svg?maxAge=2592001&label=GitHub%20release)](https://github.com/the-useless-one/pywerview/releases/latest)
+[![PyPI version](https://img.shields.io/pypi/v/pywerview.svg?maxAge=2592000)](https://pypi.python.org/pypi/pywerview)
+
+## HISTORY
+
+As a pentester, I love using PowerView during my assignments. It makes it so
+easy to find vulnerable machines, or list what domain users were added to the
+local Administrators group of a machine, and much more.
+
+However, running PowerView on a computer which is not connected to the domain
+is a pain: I always find myself using [mimikatz](https://github.com/gentilkiwi/mimikatz/)'s
+`sekurlsa::pth` to run a Powershell prompt with stolen domain credentials, and
+that's not easy to script. Plus, I'm a Linux guy and I've always found it a
+shame that there were no complete Windows/Active Directory enumeration tool on
+Linux.
+
+That's why I decided to rewrite some of PowerView's functionalities in Python,
+using the wonderful [impacket](https://github.com/SecureAuthCorp/impacket)
+library.
+
+*Update:* I haven't tested the last version of PowerView yet, which can run
+from a machine not connected to a domain. I don't know if it works correctly
+under Linux using Powershell. If anyone has had any experience with this at all,
+you can contact me, I'm really interested. We'll see if pywerview has become
+obsoleted ;) but I think I'll continue working on it eitherway: I'd still
+rather use Python than Powershell on Linux, and I'm learning a lot! Plus, it
+may integrated in existing Linux tools written in Python. It's still great news
+that PowerView now supports machines not connected to the domain!
+
+## DISCLAIMER
+
+This tool is far from complete (as you'll see in the [TODO](#todo) section)! I
+still have a lot more awesome PowerView functionalities to implement (the user
+hunting functions, the GPO functions, the local process enumeration, etc.),
+but I still think it can be useful as is.
+
+It's also (very) possible that there are (many) bugs in the code: I've only
+tested the simplest test cases. If you use this tool during an assignment and
+you get an error, please, open an issue with the error and the conditions that
+triggered this error.
+
+Also, blah blah blah, don't use it for evil purposes.
+
+## REQUIREMENTS
+
+* Python 3.6
+* impacket >= 0.9.22
+* ldap3 >= 2.8.1
+
+## FUNCTIONALITIES
+
+If you like living on the bleeding edge, check out the
+[development branch](https://github.com/the-useless-one/pywerview/tree/develop).
+
+Here's the list of available commands:
+
+    $ ./pywerview.py --help
+    usage: pywerview.py [-h]
+                        {get-adobject,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netgpo,get-domainpolicy,get-gpttmpl,get-netgpogroup,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}
+                        ...
+
+    Rewriting of some PowerView's functionalities in Python
+
+    optional arguments:
+      -h, --help            show this help message and exit
+
+    Subcommands:
+      Available subcommands
+
+      {get-adobject,get-netuser,get-netgroup,get-netcomputer,get-netdomaincontroller,get-netfileserver,get-dfsshare,get-netou,get-netsite,get-netsubnet,get-netgpo,get-domainpolicy,get-gpttmpl,get-netgpogroup,find-gpocomputeradmin,find-gpolocation,get-netgroupmember,get-netsession,get-localdisks,get-netdomain,get-netshare,get-netloggedon,get-netlocalgroup,invoke-checklocaladminaccess,get-netprocess,get-userevent,invoke-userhunter,invoke-processhunter,invoke-eventhunter}
+        get-adobject        Takes a domain SID, samAccountName or name, and return
+                            the associated object
+        get-netuser         Queries information about a domain user
+        get-netgroup        Get a list of all current domain groups, or a list of
+                            groups a domain user is member of
+        get-netcomputer     Queries informations about domain computers
+        get-netdomaincontroller
+                            Get a list of domain controllers for the given domain
+        get-netfileserver   Return a list of file servers, extracted from the
+                            domain users' homeDirectory, scriptPath, and
+                            profilePath fields
+        get-dfsshare        Return a list of all fault tolerant distributed file
+                            systems for a given domain
+        get-netou           Get a list of all current OUs in the domain
+        get-netsite         Get a list of all current sites in the domain
+        get-netsubnet       Get a list of all current subnets in the domain
+        get-netgpo          Get a list of all current GPOs in the domain
+        get-domainpolicy    Returns the default domain or DC policy for the
+                            queried domain or DC
+        get-gpttmpl         Helper to parse a GptTmpl.inf policy file path into a
+                            custom object
+        get-netgpogroup     Parses all GPOs in the domain that set "Restricted
+                            Group" or "Groups.xml"
+        find-gpocomputeradmin
+                            Takes a computer (or OU) and determine who has
+                            administrative access to it via GPO
+        find-gpolocation    Takes a username or a group name and determine the
+                            computers it has administrative access to via GPO
+        get-netgroupmember  Return a list of members of a domain group
+        get-netsession      Queries a host to return a list of active sessions on
+                            the host (you can use local credentials instead of
+                            domain credentials)
+        get-localdisks      Queries a host to return a list of active disks on the
+                            host (you can use local credentials instead of domain
+                            credentials)
+        get-netdomain       Queries a host for available domains
+        get-netshare        Queries a host to return a list of available shares on
+                            the host (you can use local credentials instead of
+                            domain credentials)
+        get-netloggedon     This function will execute the NetWkstaUserEnum RPC
+                            call to query a given host for actively logged on
+                            users
+        get-netlocalgroup   Gets a list of members of a local group on a machine,
+                            or returns every local group. You can use local
+                            credentials instead of domain credentials, however,
+                            domain credentials are needed to resolve domain SIDs.
+        invoke-checklocaladminaccess
+                            Checks if the given user has local admin access on the
+                            given host
+        get-netprocess      This function will execute the 'Select * from
+                            Win32_Process' WMI query to a given host for a list of
+                            executed process
+        get-userevent       This function will execute the 'Select * from
+                            Win32_Process' WMI query to a given host for a list of
+                            executed process
+        invoke-userhunter   Finds which machines domain users are logged into
+        invoke-processhunter
+                            Searches machines for processes with specific name, or
+                            ran by specific users
+        invoke-eventhunter  Searches machines for events with specific name, or
+                            ran by specific users
+
+Take a look at the [wiki](https://github.com/the-useless-one/pywerview/wiki) to
+see a more detailed usage of every command.
+
+*Attention:* in every command, the used domain name must be the post-Win2k UPN,
+and not the Win2k compatible name.
+
+For example, my domain name is `uselessdomain.local`. The Win2K compatible name
+is `USELESSDOMAIN`. In every command,  I must use __`uselessdomain.local`__ as
+an argument, and __not__ `USELESSDOMAIN`.
+
+## TODO
+
+* Many, many more PowerView functionalities to implement. I'll now focus on
+  forest functions, then inter-forest trust functions
+* Lots of rewrite due to the last version of PowerView
+* Implement a debugging mode (for easier troubleshooting)
+* Gracefully fail against Unix machines running Samba
+* Support Kerberos authentication
+* Perform range cycling in `get-netgroupmember`
+* Manage request to the Global Catalog
+* Try to fall back to `tcp/139` for RPC communications if `tcp/445` is closed
+* Comment, document, and clean the code
+
+## THANKS
+
+* Thanks to the [@PowerSploit](https://github.com/PowerShellMafia/PowerSploit/)
+  team for an awesome tool.
+* Thanks to [@CoreSecurity](https://github.com/CoreSecurity/) for this complete
+  and comprehensive library that is [impacket](https://github.com/CoreSecurity/impacket).
+* Special thanks to [@asolino](https://github.com/asolino) for his help on
+  developing using impacket.
+* Thanks to [@byt3bl33d3r](https://github.com/byt3bl33d3r) for his
+  contributions.
+* Thanks to [@ThePirateWhoSmellsOfSunflowers](https://github.com/ThePirateWhoSmellsOfSunflowers)
+  for his debugging, love you baby :heart:
+* Thanks to [@mpgn](https://github.com/mpgn) for his python 3 contributions.
+
+## COPYRIGHT
+
+PywerView - A Python rewriting of PowerSploit's PowerView
+
+Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation, either version 3 of the License, or (at your
+option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program. If not, see
+[http://www.gnu.org/licenses/](http://www.gnu.org/licenses/).
+
diff --git a/pywerview.py b/pywerview.py
new file mode 100755
index 0000000..d93e5a8
--- /dev/null
+++ b/pywerview.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+#
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from pywerview.cli.main import main
+
+if __name__ == '__main__':
+    main()
+
diff --git a/pywerview/__init__.py b/pywerview/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/pywerview/cli/__init__.py b/pywerview/cli/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/pywerview/cli/helpers.py b/pywerview/cli/helpers.py
new file mode 100644
index 0000000..911942a
--- /dev/null
+++ b/pywerview/cli/helpers.py
@@ -0,0 +1,330 @@
+#!/usr/bin/env python
+#
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from pywerview.functions.net import NetRequester
+from pywerview.functions.gpo import GPORequester
+from pywerview.functions.misc import Misc
+from pywerview.functions.hunting import UserHunter, ProcessHunter, EventHunter
+
+def get_adobject(domain_controller, domain, user, password=str(),
+                lmhash=str(), nthash=str(), queried_domain=str(), queried_sid=str(),
+                queried_name=str(), queried_sam_account_name=str(), ads_path=str(),
+                custom_filter=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_adobject(queried_domain=queried_domain,
+                    queried_sid=queried_sid, queried_name=queried_name,
+                    queried_sam_account_name=queried_sam_account_name,
+                    ads_path=ads_path, custom_filter=custom_filter)
+
+def get_netuser(domain_controller, domain, user, password=str(), lmhash=str(),
+                nthash=str(), queried_username=str(), queried_domain=str(), ads_path=str(),
+                admin_count=False, spn=False, unconstrained=False, allow_delegation=False,
+                preauth_notreq=False, custom_filter=str(),
+                attributes=[]):
+    requester = NetRequester(domain_controller, domain, user, password,
+                             lmhash, nthash)
+    return requester.get_netuser(queried_username=queried_username,
+                                    queried_domain=queried_domain, ads_path=ads_path, admin_count=admin_count,
+                                    spn=spn, unconstrained=unconstrained, allow_delegation=allow_delegation,
+                                    preauth_notreq=preauth_notreq, custom_filter=custom_filter,
+                                    attributes=attributes)
+
+def get_netgroup(domain_controller, domain, user, password=str(),
+                lmhash=str(), nthash=str(), queried_groupname='*', queried_sid=str(),
+                queried_username=str(), queried_domain=str(), ads_path=str(),
+                admin_count=False, full_data=False, custom_filter=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                lmhash, nthash)
+    return requester.get_netgroup(queried_groupname=queried_groupname,
+                                    queried_sid=queried_sid, queried_username=queried_username,
+                                    queried_domain=queried_domain, ads_path=ads_path, admin_count=admin_count,
+                                    full_data=full_data, custom_filter=custom_filter)
+
+def get_netcomputer(domain_controller, domain, user, password=str(),
+                    lmhash=str(), nthash=str(), queried_computername='*', queried_spn=str(),
+                    queried_os=str(), queried_sp=str(), queried_domain=str(), ads_path=str(),
+                    printers=False, unconstrained=False, ping=False, full_data=False,
+                    custom_filter=str(), attributes=[]):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netcomputer(queried_computername=queried_computername,
+                                        queried_spn=queried_spn, queried_os=queried_os, queried_sp=queried_sp,
+                                        queried_domain=queried_domain, ads_path=ads_path, printers=printers,
+                                        unconstrained=unconstrained, ping=ping, full_data=full_data,
+                                        custom_filter=custom_filter, attributes=attributes)
+
+def get_netdomaincontroller(domain_controller, domain, user, password=str(),
+                                 lmhash=str(), nthash=str(), queried_domain=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netdomaincontroller(queried_domain=queried_domain)
+
+def get_netfileserver(domain_controller, domain, user, password=str(),
+                                 lmhash=str(), nthash=str(), queried_domain=str(), target_users=list()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netfileserver(queried_domain=queried_domain,
+                                            target_users=target_users)
+
+def get_dfsshare(domain_controller, domain, user, password=str(),
+                 lmhash=str(), nthash=str(), version=['v1', 'v2'], queried_domain=str(),
+                 ads_path=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_dfsshare(version=version, queried_domain=queried_domain, ads_path=ads_path)
+
+def get_netou(domain_controller, domain, user, password=str(), lmhash=str(),
+              nthash=str(), queried_domain=str(), queried_ouname='*', queried_guid=str(),
+              ads_path=str(), full_data=False):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netou(queried_domain=queried_domain,
+                                   queried_ouname=queried_ouname, queried_guid=queried_guid, ads_path=ads_path,
+                                   full_data=full_data)
+
+def get_netsite(domain_controller, domain, user, password=str(), lmhash=str(),
+                nthash=str(), queried_domain=str(), queried_sitename=str(),
+                queried_guid=str(), ads_path=str(), ads_prefix='CN=Sites,CN=Configuration',
+                full_data=False):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netsite(queried_domain=queried_domain,
+                                    queried_sitename=queried_sitename, queried_guid=queried_guid,
+                                    ads_path=ads_path, ads_prefix=ads_prefix, full_data=full_data)
+
+def get_netsubnet(domain_controller, domain, user, password=str(),
+                  lmhash=str(), nthash=str(), queried_domain=str(), queried_sitename=str(),
+                  ads_path=str(), ads_prefix='CN=Sites,CN=Configuration', full_data=False):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netsubnet(queried_domain=queried_domain,
+                                       queried_sitename=queried_sitename, ads_path=ads_path, ads_prefix=ads_prefix,
+                                       full_data=full_data)
+
+def get_netdomaintrust(domain_controller, domain, user, password=str(),
+                  lmhash=str(), nthash=str(), queried_domain=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netdomaintrust(queried_domain=queried_domain)
+
+def get_netgroupmember(domain_controller, domain, user, password=str(),
+                       lmhash=str(), nthash=str(), queried_groupname=str(), queried_sid=str(),
+                       queried_domain=str(), ads_path=str(), recurse=False, use_matching_rule=False,
+                       full_data=False, custom_filter=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netgroupmember(queried_groupname=queried_groupname,
+                                            queried_sid=queried_sid, queried_domain=queried_domain,
+                                            ads_path=ads_path, recurse=recurse,
+                                            use_matching_rule=use_matching_rule,
+                                            full_data=full_data, custom_filter=custom_filter)
+
+def get_netsession(target_computername, domain, user, password=str(),
+                   lmhash=str(), nthash=str()):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netsession()
+
+def get_netshare(target_computername, domain, user, password=str(),
+                                 lmhash=str(), nthash=str()):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netshare()
+
+def get_localdisks(target_computername, domain, user, password=str(),
+                                 lmhash=str(), nthash=str()):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_localdisks()
+
+def get_netdomain(domain_controller, domain, user, password=str(),
+                                 lmhash=str(), nthash=str()):
+    requester = NetRequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netdomain()
+
+def get_netloggedon(target_computername, domain, user, password=str(),
+                                 lmhash=str(), nthash=str()):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netloggedon()
+
+def get_netlocalgroup(target_computername, domain_controller, domain, user,
+                      password=str(), lmhash=str(), nthash=str(), queried_groupname=str(),
+                      list_groups=False, recurse=False):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash, domain_controller)
+    return requester.get_netlocalgroup(queried_groupname=queried_groupname,
+                                           list_groups=list_groups, recurse=recurse)
+
+def get_netprocess(target_computername, domain, user, password=str(),
+                   lmhash=str(), nthash=str()):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netprocess()
+
+def get_userevent(target_computername, domain, user, password=str(),
+                   lmhash=str(), nthash=str(), event_type=['logon', 'tgt'],
+                   date_start=5):
+    requester = NetRequester(target_computername, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_userevent(event_type=event_type,
+                                       date_start=date_start)
+
+def get_netgpo(domain_controller, domain, user, password=str(),
+               lmhash=str(), nthash=str(), queried_gponame='*',
+               queried_displayname=str(), queried_domain=str(), ads_path=str()):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.get_netgpo(queried_gponame=queried_gponame,
+                                    queried_displayname=queried_displayname,
+                                    queried_domain=queried_domain, ads_path=ads_path)
+
+def get_domainpolicy(domain_controller, domain, user, password=str(),
+                     lmhash=str(), nthash=str(), source='domain', queried_domain=str(),
+                     resolve_sids=False):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+
+    return requester.get_domainpolicy(source=source, queried_domain=queried_domain,
+                                          resolve_sids=resolve_sids)
+
+def get_gpttmpl(gpttmpl_path, domain_controller, domain, user, password=str(), lmhash=str(),
+                nthash=str()):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+
+    return requester.get_gpttmpl(gpttmpl_path)
+
+def get_netgpogroup(domain_controller, domain, user, password=str(), lmhash=str(),
+                    nthash=str(), queried_gponame='*', queried_displayname=str(),
+                    queried_domain=str(), ads_path=str(), resolve_sids=False):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+
+    return requester.get_netgpogroup(queried_gponame=queried_gponame,
+                                         queried_displayname=queried_displayname,
+                                         queried_domain=queried_domain,
+                                         ads_path=ads_path,
+                                         resolve_sids=resolve_sids)
+
+def find_gpocomputeradmin(domain_controller, domain, user, password=str(), lmhash=str(),
+                          nthash=str(), queried_computername=str(),
+                          queried_ouname=str(), queried_domain=str(),
+                          recurse=False):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+
+    return requester.find_gpocomputeradmin(queried_computername=queried_computername,
+                                               queried_ouname=queried_ouname,
+                                               queried_domain=queried_domain,
+                                               recurse=recurse)
+
+def find_gpolocation(domain_controller, domain, user, password=str(), lmhash=str(),
+                     nthash=str(), queried_username=str(), queried_groupname=str(),
+                     queried_localgroup=str(), queried_domain=str()):
+    requester = GPORequester(domain_controller, domain, user, password,
+                                 lmhash, nthash)
+    return requester.find_gpolocation(queried_username=queried_username,
+                                          queried_groupname=queried_groupname,
+                                          queried_localgroup=queried_localgroup,
+                                          queried_domain=queried_domain)
+
+def invoke_checklocaladminaccess(target_computername, domain, user, password=str(),
+                                 lmhash=str(), nthash=str()):
+    misc = Misc(target_computername, domain, user, password, lmhash, nthash)
+
+    return misc.invoke_checklocaladminaccess()
+
+def invoke_userhunter(domain_controller, domain, user, password=str(),
+                      lmhash=str(), nthash=str(), queried_computername=list(),
+                      queried_computerfile=None, queried_computerfilter=str(),
+                      queried_computeradspath=str(), unconstrained=False,
+                      queried_groupname=str(), target_server=str(),
+                      queried_username=str(), queried_useradspath=str(),
+                      queried_userfilter=str(), queried_userfile=None,
+                      threads=1, admin_count=False, allow_delegation=False,
+                      stop_on_success=False, check_access=False, queried_domain=str(),
+                      stealth=False, stealth_source=['dfs', 'dc', 'file'],
+                      show_all=False, foreign_users=False):
+    user_hunter = UserHunter(domain_controller, domain, user, password,
+                             lmhash, nthash)
+    
+    return user_hunter.invoke_userhunter(queried_computername=queried_computername,
+                                         queried_computerfile=queried_computerfile,
+                                         queried_computerfilter=queried_computerfilter,
+                                         queried_computeradspath=queried_computeradspath,
+                                         unconstrained=unconstrained, queried_groupname=queried_groupname,
+                                         target_server=target_server, queried_username=queried_username,
+                                         queried_userfilter=queried_userfilter,
+                                         queried_useradspath=queried_useradspath, queried_userfile=queried_userfile,
+                                         threads=threads, admin_count=admin_count,
+                                         allow_delegation=allow_delegation, stop_on_success=stop_on_success,
+                                         check_access=check_access, queried_domain=queried_domain, stealth=stealth,
+                                         stealth_source=stealth_source, show_all=show_all,
+                                         foreign_users=foreign_users)
+
+def invoke_processhunter(domain_controller, domain, user, password=str(),
+                         lmhash=str(), nthash=str(), queried_computername=list(),
+                         queried_computerfile=None, queried_computerfilter=str(),
+                         queried_computeradspath=str(), queried_processname=list(),
+                         queried_groupname=str(), target_server=str(),
+                         queried_username=str(), queried_useradspath=str(),
+                         queried_userfilter=str(), queried_userfile=None, threads=1,
+                         stop_on_success=False, queried_domain=str(), show_all=False):
+    process_hunter = ProcessHunter(domain_controller, domain, user, password,
+                                   lmhash, nthash)
+
+    return process_hunter.invoke_processhunter(queried_computername=queried_computername,
+                                               queried_computerfile=queried_computerfile,
+                                               queried_computerfilter=queried_computerfilter,
+                                               queried_computeradspath=queried_computeradspath,
+                                               queried_processname=queried_processname,
+                                               queried_groupname=queried_groupname,
+                                               target_server=target_server, queried_username=queried_username,
+                                               queried_userfilter=queried_userfilter,
+                                               queried_useradspath=queried_useradspath, queried_userfile=queried_userfile,
+                                               threads=threads, stop_on_success=stop_on_success,
+                                               queried_domain=queried_domain, show_all=show_all)
+
+def invoke_eventhunter(domain_controller, domain, user, password=str(),
+                       lmhash=str(), nthash=str(), queried_computername=list(),
+                       queried_computerfile=None, queried_computerfilter=str(),
+                       queried_computeradspath=str(), queried_groupname=str(),
+                       target_server=str(), queried_username=str(),
+                       queried_useradspath=str(), queried_userfilter=str(),
+                       queried_userfile=None, threads=1, queried_domain=str(),
+                       search_days=3):
+    event_hunter = EventHunter(domain_controller, domain, user, password,
+                                   lmhash, nthash)
+
+    return event_hunter.invoke_eventhunter(queried_computername=queried_computername,
+                                           queried_computerfile=queried_computerfile,
+                                           queried_computerfilter=queried_computerfilter,
+                                           queried_computeradspath=queried_computeradspath,
+                                           queried_groupname=queried_groupname,
+                                           target_server=target_server,
+                                           queried_userfilter=queried_userfilter,
+                                           queried_username=queried_username,
+                                           queried_useradspath=queried_useradspath,
+                                           queried_userfile=queried_userfile,
+                                           search_days=search_days,
+                                           threads=threads, queried_domain=queried_domain)
+
diff --git a/pywerview/cli/main.py b/pywerview/cli/main.py
new file mode 100644
index 0000000..0abe72a
--- /dev/null
+++ b/pywerview/cli/main.py
@@ -0,0 +1,476 @@
+#!/usr/bin/env python3
+#
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+import argparse
+from pywerview.cli.helpers import *
+from pywerview.functions.hunting import *
+
+def main():
+    # Main parser
+    parser = argparse.ArgumentParser(description='Rewriting of some PowerView\'s functionalities in Python')
+    subparsers = parser.add_subparsers(title='Subcommands', description='Available subcommands', dest='submodule')
+    
+    # hack for python < 3.9 : https://stackoverflow.com/questions/23349349/argparse-with-required-subparser
+    subparsers.required = True
+
+    # TODO: support keberos authentication
+    # Credentials parser
+    credentials_parser = argparse.ArgumentParser(add_help=False)
+    credentials_parser.add_argument('-w', '--workgroup', dest='domain',
+            default=str(), help='Name of the domain we authenticate with')
+    credentials_parser.add_argument('-u', '--user', required=True,
+            help='Username used to connect to the Domain Controller')
+    credentials_parser.add_argument('-p', '--password',
+            help='Password associated to the username')
+    credentials_parser.add_argument('--hashes', action='store', metavar = 'LMHASH:NTHASH',
+            help='NTLM hashes, format is [LMHASH:]NTHASH')
+
+    # AD parser, used for net* functions running against a domain controller
+    ad_parser = argparse.ArgumentParser(add_help=False, parents=[credentials_parser])
+    ad_parser.add_argument('-t', '--dc-ip', dest='domain_controller',
+            required=True, help='IP address of the Domain Controller to target')
+
+    # Target parser, used for net* functions running against a normal computer
+    target_parser = argparse.ArgumentParser(add_help=False, parents=[credentials_parser])
+    target_parser.add_argument('--computername', dest='target_computername',
+            required=True, help='IP address of the computer target')
+
+    # Hunter parser, used for hunting functions
+    hunter_parser = argparse.ArgumentParser(add_help=False)
+    hunter_parser.add_argument('--computername', dest='queried_computername',
+            nargs='+', default=list(), help='Host to enumerate against')
+    hunter_parser.add_argument('--computerfile', dest='queried_computerfile',
+            type=argparse.FileType('r'), help='File of hostnames/IPs to search')
+    hunter_parser.add_argument('--computer-filter', dest='queried_computerfilter',
+            type=str, default=str(), help='Custom filter used to search computers against the DC')
+    hunter_parser.add_argument('--computer-adspath', dest='queried_computeradspath',
+            type=str, default=str(), help='ADS path used to search computers against the DC')
+    hunter_parser.add_argument('--groupname', dest='queried_groupname',
+            help='Group name to query for target users')
+    hunter_parser.add_argument('--targetserver', dest='target_server',
+            help='Hunt for users who are effective local admins on this target server')
+    hunter_parser.add_argument('--username', dest='queried_username',
+            help='Hunt for a specific user name')
+    hunter_parser.add_argument('--user-filter', dest='queried_userfilter',
+            type=str, default=str(), help='Custom filter used to search users against the DC')
+    hunter_parser.add_argument('--user-adspath', dest='queried_useradspath',
+            type=str, default=str(), help='ADS path used to search users against the DC')
+    hunter_parser.add_argument('--userfile', dest='queried_userfile',
+            type=argparse.FileType('r'), help='File of user names to target')
+    hunter_parser.add_argument('--threads', type=int,
+            default=1, help='Number of threads to use (default: %(default)s)')
+    hunter_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query for machines')
+
+    # Parser for the get-adobject command
+    get_adobject_parser = subparsers.add_parser('get-adobject', help='Takes a domain SID, '\
+        'samAccountName or name, and return the associated object', parents=[ad_parser])
+    get_adobject_parser.add_argument('--sid', dest='queried_sid',
+            help='SID to query (wildcards accepted)')
+    get_adobject_parser.add_argument('--sam-account-name', dest='queried_sam_account_name',
+            help='samAccountName to query (wildcards accepted)')
+    get_adobject_parser.add_argument('--name', dest='queried_name',
+            help='Name to query (wildcards accepted)')
+    get_adobject_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_adobject_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_adobject_parser.set_defaults(func=get_adobject)
+
+    # Parser for the get-netuser command
+    get_netuser_parser = subparsers.add_parser('get-netuser', help='Queries information about '\
+        'a domain user', parents=[ad_parser])
+    get_netuser_parser.add_argument('--username', dest='queried_username',
+            help='Username to query (wildcards accepted)')
+    get_netuser_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netuser_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netuser_parser.add_argument('--unconstrained', action='store_true',
+            help='Query only users with unconstrained delegation')
+    get_netuser_parser.add_argument('--admin-count', action='store_true',
+            help='Query only users with adminCount=1')
+    get_netuser_parser.add_argument('--allow-delegation', action='store_true',
+            help='Return user accounts that are not marked as \'sensitive and not allowed for delegation\'')
+    get_netuser_parser.add_argument('--preauth-notreq', action='store_true',
+            help='Search for users with the PREAUTH_NOT_REQUIRED account control')
+    get_netuser_parser.add_argument('--spn', action='store_true',
+            help='Query only users with not-null Service Principal Names')
+    get_netuser_parser.add_argument('--custom-filter', dest='custom_filter',
+            default=str(), help='Custom filter')
+    get_netuser_parser.add_argument('--attributes', nargs='+', dest='attributes',
+            default=[], help='Object attributes to return')
+    get_netuser_parser.set_defaults(func=get_netuser)
+
+    # Parser for the get-netgroup command
+    get_netgroup_parser = subparsers.add_parser('get-netgroup', help='Get a list of all current '\
+        'domain groups, or a list of groups a domain user is member of', parents=[ad_parser])
+    get_netgroup_parser.add_argument('--groupname', dest='queried_groupname',
+            default='*', help='Group to query (wildcards accepted)')
+    get_netgroup_parser.add_argument('--sid', dest='queried_sid',
+            help='Group SID to query')
+    get_netgroup_parser.add_argument('--username', dest='queried_username',
+            help='Username to query: will list the groups this user is a member of (wildcards accepted)')
+    get_netgroup_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netgroup_parser.add_argument('-a', '--ads-path', dest='ads_path',
+            help='Additional ADS path')
+    get_netgroup_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the groups, otherwise, just the samAccountName')
+    get_netgroup_parser.add_argument('--admin-count', action='store_true',
+            help='Query only users with adminCount=1')
+    get_netgroup_parser.set_defaults(func=get_netgroup)
+
+    # Parser for the get-netcomputer command
+    get_netcomputer_parser = subparsers.add_parser('get-netcomputer', help='Queries informations about '\
+        'domain computers', parents=[ad_parser])
+    get_netcomputer_parser.add_argument('--computername', dest='queried_computername',
+            default='*', help='Computer name to query')
+    get_netcomputer_parser.add_argument('-os', '--operating-system', dest='queried_os',
+            help='Return computers with a specific operating system (wildcards accepted)')
+    get_netcomputer_parser.add_argument('-sp', '--service-pack', dest='queried_sp',
+            help='Return computers with a specific service pack (wildcards accepted)')
+    get_netcomputer_parser.add_argument('-spn', '--service-principal-name', dest='queried_spn',
+            help='Return computers with a specific service principal name (wildcards accepted)')
+    get_netcomputer_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netcomputer_parser.add_argument('-a', '--ads-path', dest='ads_path',
+            help='Additional ADS path')
+    get_netcomputer_parser.add_argument('--printers', action='store_true',
+            help='Query only printers')
+    get_netcomputer_parser.add_argument('--unconstrained', action='store_true',
+            help='Query only computers with unconstrained delegation')
+    get_netcomputer_parser.add_argument('--ping', action='store_true',
+            help='Ping computers (will only return up computers)')
+    get_netcomputer_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the groups, otherwise, just the dnsHostName')
+    get_netcomputer_parser.add_argument('--attributes', nargs='+', dest='attributes',
+            default=[], help='Object attributes to return')
+    get_netcomputer_parser.set_defaults(func=get_netcomputer)
+
+    # Parser for the get-netdomaincontroller command
+    get_netdomaincontroller_parser = subparsers.add_parser('get-netdomaincontroller', help='Get a list of '\
+        'domain controllers for the given domain', parents=[ad_parser])
+    get_netdomaincontroller_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netdomaincontroller_parser.set_defaults(func=get_netdomaincontroller)
+
+    # Parser for the get-netfileserver command
+    get_netfileserver_parser = subparsers.add_parser('get-netfileserver', help='Return a list of '\
+        'file servers, extracted from the domain users\' homeDirectory, scriptPath, and profilePath fields', parents=[ad_parser])
+    get_netfileserver_parser.add_argument('--target-users', nargs='+',
+            metavar='TARGET_USER', help='A list of users to target to find file servers (wildcards accepted)')
+    get_netfileserver_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netfileserver_parser.set_defaults(func=get_netfileserver)
+
+    # Parser for the get-dfsshare command
+    get_dfsshare_parser = subparsers.add_parser('get-dfsshare', help='Return a list of '\
+        'all fault tolerant distributed file systems for a given domain', parents=[ad_parser])
+    get_dfsshare_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_dfsshare_parser.add_argument('-v', '--version', nargs='+', choices=['v1', 'v2'],
+            default=['v1', 'v2'], help='The version of DFS to query for servers: v1, v2 or all (default: all)')
+    get_dfsshare_parser.add_argument('-a', '--ads-path', dest='ads_path',
+            help='Additional ADS path')
+    get_dfsshare_parser.set_defaults(func=get_dfsshare)
+
+    # Parser for the get-netou command
+    get_netou_parser = subparsers.add_parser('get-netou', help='Get a list of all current '\
+        'OUs in the domain', parents=[ad_parser])
+    get_netou_parser.add_argument('--ouname', dest='queried_ouname',
+            default='*', help='OU name to query (wildcards accepted)')
+    get_netou_parser.add_argument('--guid', dest='queried_guid',
+            help='Only return OUs with the specified GUID in their gplink property.')
+    get_netou_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netou_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netou_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the OUs, otherwise, just the adspath')
+    get_netou_parser.set_defaults(func=get_netou)
+
+    # Parser for the get-netsite command
+    get_netsite_parser = subparsers.add_parser('get-netsite', help='Get a list of all current '\
+        'sites in the domain', parents=[ad_parser])
+    get_netsite_parser.add_argument('--sitename', dest='queried_sitename',
+            help='Site name to query (wildcards accepted)')
+    get_netsite_parser.add_argument('--guid', dest='queried_guid',
+            help='Only return sites with the specified GUID in their gplink property.')
+    get_netsite_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netsite_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netsite_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the sites, otherwise, just the name')
+    get_netsite_parser.set_defaults(func=get_netsite)
+
+    # Parser for the get-netsubnet command
+    get_netsubnet_parser = subparsers.add_parser('get-netsubnet', help='Get a list of all current '\
+        'subnets in the domain', parents=[ad_parser])
+    get_netsubnet_parser.add_argument('--sitename', dest='queried_sitename',
+            help='Only return subnets for the specified site name (wildcards accepted)')
+    get_netsubnet_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netsubnet_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netsubnet_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the subnets, otherwise, just the name')
+    get_netsubnet_parser.set_defaults(func=get_netsubnet)
+
+    # Parser for the get-netdomaintrust command
+    get_netdomaintrust_parser = subparsers.add_parser('get-netdomaintrust', help='Returns a list of all the '\
+        'trusts of the specified domain', parents=[ad_parser])
+    get_netdomaintrust_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netdomaintrust_parser.set_defaults(func=get_netdomaintrust)
+
+    # Parser for the get-netgpo command
+    get_netgpo_parser = subparsers.add_parser('get-netgpo', help='Get a list of all current '\
+        'GPOs in the domain', parents=[ad_parser])
+    get_netgpo_parser.add_argument('--gponame', dest='queried_gponame',
+            default='*', help='GPO name to query for (wildcards accepted)')
+    get_netgpo_parser.add_argument('--displayname', dest='queried_displayname',
+            help='Display name to query for (wildcards accepted)')
+    get_netgpo_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netgpo_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netgpo_parser.set_defaults(func=get_netgpo)
+
+    # Parser for the get-domainpolicy command
+    get_domainpolicy_parser = subparsers.add_parser('get-domainpolicy', help='Returns the default domain or DC '\
+        'policy for the queried domain or DC', parents=[ad_parser])
+    get_domainpolicy_parser.add_argument('--source', dest='source', default='domain',
+            choices=['domain', 'dc'], help='Extract domain or DC policy (default: %(default)s)')
+    get_domainpolicy_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_domainpolicy_parser.add_argument('--resolve-sids', dest='resolve_sids',
+            action='store_true', help='Resolve SIDs when querying a DC policy')
+    get_domainpolicy_parser.set_defaults(func=get_domainpolicy)
+
+    # Parser for the get-gpttmpl command
+    get_gpttmpl_parser = subparsers.add_parser('get-gpttmpl', help='Helper to parse a GptTmpl.inf policy '\
+            'file path into a custom object', parents=[ad_parser])
+    get_gpttmpl_parser.add_argument('--gpt-tmpl-path', type=str, required=True,
+            dest='gpttmpl_path', help='The GptTmpl.inf file path name to parse')
+    get_gpttmpl_parser.set_defaults(func=get_gpttmpl)
+
+    # Parser for the get-netgpogroup command
+    get_netgpogroup_parser = subparsers.add_parser('get-netgpogroup', help='Parses all GPOs in the domain '\
+        'that set "Restricted Group" or "Groups.xml"', parents=[ad_parser])
+    get_netgpogroup_parser.add_argument('--gponame', dest='queried_gponame',
+            default='*', help='GPO name to query for (wildcards accepted)')
+    get_netgpogroup_parser.add_argument('--displayname', dest='queried_displayname',
+            help='Display name to query for (wildcards accepted)')
+    get_netgpogroup_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netgpogroup_parser.add_argument('-a', '--ads-path',
+            help='Additional ADS path')
+    get_netgpogroup_parser.add_argument('--resolve-sids', dest='resolve_sids',
+            action='store_true', help='Resolve SIDs of the members and the target groups')
+    get_netgpogroup_parser.set_defaults(func=get_netgpogroup)
+
+    # Parser for the find-gpocomputeradmin command
+    find_gpocomputeradmin_parser = subparsers.add_parser('find-gpocomputeradmin', help='Takes a computer (or OU) and determine '\
+        'who has administrative access to it via GPO', parents=[ad_parser])
+    find_gpocomputeradmin_parser.add_argument('--computername', dest='queried_computername',
+            default=str(), help='The computer to determine who has administrative access to it')
+    find_gpocomputeradmin_parser.add_argument('--ouname', dest='queried_ouname',
+            default=str(), help='OU name to determine who has administrative access to computers within it')
+    find_gpocomputeradmin_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    find_gpocomputeradmin_parser.add_argument('-r', '--recurse', dest='recurse',
+            action='store_true', help='If one of the returned members is a group, '\
+                    'recurse and get all members')
+    find_gpocomputeradmin_parser.set_defaults(func=find_gpocomputeradmin)
+
+    # Parser for the find-gpolocation command
+    find_gpolocation_parser = subparsers.add_parser('find-gpolocation', help='Takes a username or a group name and determine '\
+        'the computers it has administrative access to via GPO', parents=[ad_parser])
+    find_gpolocation_parser.add_argument('--username', dest='queried_username',
+            default=str(), help='The username to query for access (no wildcard)')
+    find_gpolocation_parser.add_argument('--groupname', dest='queried_groupname',
+            default=str(), help='The group name to query for access (no wildcard)')
+    find_gpolocation_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    find_gpolocation_parser.add_argument('--local-group', dest='queried_localgroup',
+            default='S-1-5-32-544', help='The local group to check access against. It can be ' \
+                    '\'Administrators\', \'RDP\', or a \'S-1-5-X\' SID type')
+    find_gpolocation_parser.set_defaults(func=find_gpolocation)
+
+    # Parser for the get-netgroup command
+    get_netgroupmember_parser = subparsers.add_parser('get-netgroupmember', help='Return a list of members of a domain group', parents=[ad_parser])
+    get_netgroupmember_parser.add_argument('--groupname', dest='queried_groupname',
+            help='Group to query, defaults to the \'Domain Admins\' group (wildcards accepted)')
+    get_netgroupmember_parser.add_argument('--sid', dest='queried_sid',
+            help='SID to query')
+    get_netgroupmember_parser.add_argument('-d', '--domain', dest='queried_domain',
+            help='Domain to query')
+    get_netgroupmember_parser.add_argument('-a', '--ads-path', dest='ads_path',
+            help='Additional ADS path')
+    get_netgroupmember_parser.add_argument('-r', '--recurse', action='store_true',
+            help='If the group member is a group, try to resolve its members as well')
+    get_netgroupmember_parser.add_argument('--use-matching-rule', action='store_true',
+            help='Use LDAP_MATCHING_RULE_IN_CHAIN in the LDAP search query when -Recurse is specified.\n' \
+        'Much faster than manual recursion, but doesn\'t reveal cross-domain groups')
+    get_netgroupmember_parser.add_argument('--full-data', action='store_true',
+            help='If set, returns full information on the members')
+    get_netgroupmember_parser.set_defaults(func=get_netgroupmember)
+
+    # Parser for the get-netsession command
+    get_netsession_parser = subparsers.add_parser('get-netsession', help='Queries a host to return a '\
+        'list of active sessions on the host (you can use local credentials instead of domain credentials)', parents=[target_parser])
+    get_netsession_parser.set_defaults(func=get_netsession)
+
+    #Parser for the get-localdisks command
+    get_localdisks_parser = subparsers.add_parser('get-localdisks', help='Queries a host to return a '\
+        'list of active disks on the host (you can use local credentials instead of domain credentials)', parents=[target_parser])
+    get_localdisks_parser.set_defaults(func=get_localdisks)
+
+    #Parser for the get-netdomain command
+    get_netdomain_parser = subparsers.add_parser('get-netdomain', help='Queries a host for available domains',
+        parents=[ad_parser])
+    get_netdomain_parser.set_defaults(func=get_netdomain)
+
+    # Parser for the get-netshare command
+    get_netshare_parser = subparsers.add_parser('get-netshare', help='Queries a host to return a '\
+        'list of available shares on the host (you can use local credentials instead of domain credentials)', parents=[target_parser])
+    get_netshare_parser.set_defaults(func=get_netshare)
+
+    # Parser for the get-netloggedon command
+    get_netloggedon_parser = subparsers.add_parser('get-netloggedon', help='This function will '\
+        'execute the NetWkstaUserEnum RPC call to query a given host for actively logged on '\
+        'users', parents=[target_parser])
+    get_netloggedon_parser.set_defaults(func=get_netloggedon)
+
+    # Parser for the get-netlocalgroup command
+    get_netlocalgroup_parser = subparsers.add_parser('get-netlocalgroup', help='Gets a list of '\
+        'members of a local group on a machine, or returns every local group. You can use local '\
+        'credentials instead of domain credentials, however, domain credentials are needed to '\
+        'resolve domain SIDs.', parents=[target_parser])
+    get_netlocalgroup_parser.add_argument('--groupname', dest='queried_groupname',
+            help='Group to list the members of (defaults to the local \'Administrators\' group')
+    get_netlocalgroup_parser.add_argument('--list-groups', action='store_true',
+            help='If set, returns a list of the local groups on the targets')
+    get_netlocalgroup_parser.add_argument('-t', '--dc-ip', dest='domain_controller',
+            default=str(), help='IP address of the Domain Controller (used to resolve domain SIDs)')
+    get_netlocalgroup_parser.add_argument('-r', '--recurse', action='store_true',
+            help='If the group member is a domain group, try to resolve its members as well')
+    get_netlocalgroup_parser.set_defaults(func=get_netlocalgroup)
+
+    # Parser for the invoke-checklocaladminaccess command
+    invoke_checklocaladminaccess_parser = subparsers.add_parser('invoke-checklocaladminaccess', help='Checks '\
+            'if the given user has local admin access on the given host', parents=[target_parser])
+    invoke_checklocaladminaccess_parser.set_defaults(func=invoke_checklocaladminaccess)
+
+    # Parser for the get-netprocess command
+    get_netprocess_parser = subparsers.add_parser('get-netprocess', help='This function will '\
+        'execute the \'Select * from Win32_Process\' WMI query to a given host for a list of '\
+        'executed process', parents=[target_parser])
+    get_netprocess_parser.set_defaults(func=get_netprocess)
+
+    # Parser for the get-userevent command
+    get_userevent_parser = subparsers.add_parser('get-userevent', help='This function will '\
+        'execute the \'Select * from Win32_Process\' WMI query to a given host for a list of '\
+        'executed process', parents=[target_parser])
+    get_userevent_parser.add_argument('--event-type', nargs='+', choices=['logon', 'tgt'],
+            default=['logon', 'tgt'], help='The type of event to search for: logon, tgt, or all (default: all)')
+    get_userevent_parser.add_argument('--date-start', type=int,
+            default=5, help='(Filter out events before this date (in days) default: %(default)s)')
+    get_userevent_parser.set_defaults(func=get_userevent)
+
+    # Parser for the invoke-userhunter command
+    invoke_userhunter_parser = subparsers.add_parser('invoke-userhunter', help='Finds '\
+            'which machines domain users are logged into', parents=[ad_parser, hunter_parser])
+    invoke_userhunter_parser.add_argument('--unconstrained', action='store_true',
+            help='Query only computers with unconstrained delegation')
+    invoke_userhunter_parser.add_argument('--admin-count', action='store_true',
+            help='Query only users with adminCount=1')
+    invoke_userhunter_parser.add_argument('--allow-delegation', action='store_true',
+            help='Return user accounts that are not marked as \'sensitive and '\
+                    'not allowed for delegation\'')
+    invoke_userhunter_parser.add_argument('--check-access', action='store_true',
+            help='Check if the current user has local admin access to the target servers')
+    invoke_userhunter_parser.add_argument('--stealth', action='store_true',
+            help='Only enumerate sessions from commonly used target servers')
+    invoke_userhunter_parser.add_argument('--stealth-source', nargs='+', choices=['dfs', 'dc', 'file'],
+            default=['dfs', 'dc', 'file'], help='The source of target servers to use, '\
+                    '\'dfs\' (distributed file server), \'dc\' (domain controller), '\
+                    'or \'file\' (file server) (default: all)')
+    invoke_userhunter_parser.add_argument('--foreign-users', action='store_true',
+            help='Only return users that are not part of the searched domain')
+    invoke_userhunter_parser.add_argument('--stop-on-success', action='store_true',
+            help='Stop hunting after finding target')
+    invoke_userhunter_parser.add_argument('--show-all', action='store_true',
+            help='Return all results')
+    invoke_userhunter_parser.set_defaults(func=invoke_userhunter)
+
+    # Parser for the invoke-processhunter command
+    invoke_processhunter_parser = subparsers.add_parser('invoke-processhunter', help='Searches machines '\
+            'for processes with specific name, or ran by specific users', parents=[ad_parser, hunter_parser])
+    invoke_processhunter_parser.add_argument('--processname', dest='queried_processname',
+            nargs='+', default=list(), help='Names of the process to hunt')
+    invoke_processhunter_parser.add_argument('--stop-on-success', action='store_true',
+            help='Stop hunting after finding target')
+    invoke_processhunter_parser.add_argument('--show-all', action='store_true',
+            help='Return all results')
+    invoke_processhunter_parser.set_defaults(func=invoke_processhunter)
+
+    # Parser for the invoke-eventhunter command
+    invoke_eventhunter_parser = subparsers.add_parser('invoke-eventhunter', help='Searches machines '\
+            'for events with specific name, or ran by specific users', parents=[ad_parser, hunter_parser])
+    invoke_eventhunter_parser.add_argument('--search-days', dest='search_days',
+            type=int, default=3, help='Number of days back to search logs for (default: %(default)s)')
+    invoke_eventhunter_parser.set_defaults(func=invoke_eventhunter)
+
+    args = parser.parse_args()
+    if args.hashes:
+        try:
+            args.lmhash, args.nthash = args.hashes.split(':')
+        except ValueError:
+            args.lmhash, args.nthash = 'aad3b435b51404eeaad3b435b51404ee', args.hashes
+        finally:
+            args.password = str()
+    else:
+        args.lmhash = args.nthash = str()
+
+    if args.password is None and not args.hashes:
+        from getpass import getpass
+        args.password = getpass('Password:')
+
+    parsed_args = dict()
+    for k, v in vars(args).items():
+        if k not in ('func', 'hashes', 'submodule'):
+            parsed_args[k] = v
+
+    #try:
+    results = args.func(**parsed_args)
+    #except Exception, e:
+        #print >>sys.stderr, repr(e)
+        #sys.exit(-1)
+
+    if results is not None:
+        try:
+            for x in results:
+                    print(x)
+        # for example, invoke_checklocaladminaccess returns a bool 
+        except TypeError:
+            print(results)
+
diff --git a/pywerview/functions/__init__.py b/pywerview/functions/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/pywerview/functions/gpo.py b/pywerview/functions/gpo.py
new file mode 100644
index 0000000..c805332
--- /dev/null
+++ b/pywerview/functions/gpo.py
@@ -0,0 +1,471 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+import codecs
+from bs4 import BeautifulSoup
+from io import BytesIO
+
+from impacket.smbconnection import SMBConnection, SessionError
+
+from pywerview.objects.adobjects import *
+from pywerview.requester import LDAPRequester
+from pywerview.functions.net import NetRequester
+
+class GPORequester(LDAPRequester):
+
+    @LDAPRequester._ldap_connection_init
+    def get_netgpo(self, queried_gponame='*', queried_displayname=str(),
+                   queried_domain=str(), ads_path=str()):
+
+        gpo_search_filter = '(objectCategory=groupPolicyContainer)'
+
+        if queried_displayname:
+            gpo_search_filter += '(displayname={})'.format(queried_displayname)
+        else:
+            gpo_search_filter += '(name={})'.format(queried_gponame)
+
+        gpo_search_filter = '(&{})'.format(gpo_search_filter)
+
+        return self._ldap_search(gpo_search_filter, GPO)
+
+    def get_gpttmpl(self, gpttmpl_path):
+        content_io = BytesIO()
+
+        gpttmpl_path_split = gpttmpl_path.split('\\')
+        target = self._domain_controller
+        share = gpttmpl_path_split[3]
+        file_name = '\\'.join(gpttmpl_path_split[4:])
+
+        smb_connection = SMBConnection(remoteName=target, remoteHost=target)
+        # TODO: kerberos login
+        smb_connection.login(self._user, self._password, self._domain,
+                             self._lmhash, self._nthash)
+
+        smb_connection.connectTree(share)
+        smb_connection.getFile(share, file_name, content_io.write)
+        try:
+            content = codecs.decode(content_io.getvalue(), 'utf-16le')[1:].replace('\r', '')
+        except UnicodeDecodeError:
+            content = str(content_io.getvalue()).replace('\r', '')
+
+        gpttmpl_final = GptTmpl(list())
+        for l in content.split('\n'):
+            if l.startswith('['):
+                section_name = l.strip('[]').replace(' ', '').lower()
+                setattr(gpttmpl_final, section_name, Policy(list()))
+            elif '=' in l:
+                property_name, property_values = [x.strip() for x in l.split('=')]
+                if ',' in property_values:
+                    property_values = property_values.split(',')
+                try:
+                    setattr(getattr(gpttmpl_final, section_name), property_name, property_values)
+                except UnicodeEncodeError:
+                    property_name = property_name.encode('utf-8')
+                    setattr(getattr(gpttmpl_final, section_name), property_name, property_values)
+
+        return gpttmpl_final
+
+    def get_domainpolicy(self, source='domain', queried_domain=str(),
+                         resolve_sids=False):
+        if source == 'domain':
+            queried_gponame = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
+        elif source == 'dc':
+            queried_gponame = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'
+        gpo = self.get_netgpo(queried_domain=queried_domain, queried_gponame=queried_gponame)[0]
+
+        gpttmpl_path = '{}\\MACHINE\\Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf'.format(gpo.gpcfilesyspath)
+        gpttmpl = self.get_gpttmpl(gpttmpl_path)
+
+        if source == 'domain':
+            return gpttmpl
+        elif source == 'dc':
+            if not resolve_sids:
+                return gpttmpl
+            else:
+                import inspect
+                try:
+                    privilege_rights_policy = gpttmpl.privilegerights
+                except AttributeError:
+                    return gpttmpl
+
+                members = inspect.getmembers(privilege_rights_policy, lambda x: not(inspect.isroutine(x)))
+                with NetRequester(self._domain_controller, self._domain, self._user,
+                                  self._password, self._lmhash, self._nthash) as net_requester:
+                    for member in members:
+                        if member[0].startswith('_'):
+                            continue
+                        if not isinstance(member[1], list):
+                            sids = [member[1]]
+                        else:
+                            sids = member[1]
+                        resolved_sids = list()
+                        for sid in sids:
+                            if not sid:
+                                continue
+                            try:
+                                resolved_sid = net_requester.get_adobject(queried_sid=sid, queried_domain=queried_domain)[0]
+                            except IndexError:
+                                resolved_sid = sid
+                            else:
+                                resolved_sid = resolved_sid.distinguishedname.split(',')[:2]
+                                resolved_sid = '{}\\{}'.format(resolved_sid[1], resolved_sid[0])
+                                resolved_sid = resolved_sid.replace('CN=', '')
+                                resolved_sids.append(resolved_sid)
+                        if len(resolved_sids) == 1:
+                            resolved_sids = resolved_sids[0]
+                        setattr(privilege_rights_policy, member[0], resolved_sids)
+
+                gpttmpl.privilegerights = privilege_rights_policy
+
+                return gpttmpl
+
+    def _get_groupsxml(self, groupsxml_path, gpo_display_name):
+        gpo_groups = list()
+
+        content_io = StringIO()
+
+        groupsxml_path_split = groupsxml_path.split('\\')
+        gpo_name = groupsxml_path_split[6]
+        target = self._domain_controller
+        share = groupsxml_path_split[3]
+        file_name = '\\'.join(groupsxml_path_split[4:])
+
+        smb_connection = SMBConnection(remoteName=target, remoteHost=target)
+        # TODO: kerberos login
+        smb_connection.login(self._user, self._password, self._domain,
+                             self._lmhash, self._nthash)
+
+        smb_connection.connectTree(share)
+        try:
+            smb_connection.getFile(share, file_name, content_io.write)
+        except SessionError:
+            return list()
+
+        content = content_io.getvalue().replace('\r', '')
+        groupsxml_soup = BeautifulSoup(content, 'xml')
+
+        for group in groupsxml_soup.find_all('Group'):
+            members = list()
+            memberof = list()
+            local_sid = group.Properties.get('groupSid', str())
+            if not local_sid:
+                if 'administrators' in group.Properties['groupName'].lower():
+                    local_sid = 'S-1-5-32-544'
+                elif 'remote desktop' in group.Properties['groupName'].lower():
+                    local_sid = 'S-1-5-32-555'
+                else:
+                    local_sid = group.Properties['groupName']
+            memberof.append(local_sid)
+
+            for member in group.Properties.find_all('Member'):
+                if not member['action'].lower() == 'add':
+                    continue
+                if member['sid']:
+                    members.append(member['sid'])
+                else:
+                    members.append(member['name'])
+
+            if members or memberof:
+                # TODO: implement filter support (seems like a pain in the ass,
+                # I'll do it if the feature is asked). PowerView also seems to
+                # have the barest support for filters, so ¯\_(ツ)_/¯
+
+                gpo_group = GPOGroup(list())
+                setattr(gpo_group, 'gpodisplayname', gpo_display_name)
+                setattr(gpo_group, 'gponame', gpo_name)
+                setattr(gpo_group, 'gpopath', groupsxml_path)
+                setattr(gpo_group, 'members', members)
+                setattr(gpo_group, 'memberof', memberof)
+
+                gpo_groups.append(gpo_group)
+
+        return gpo_groups
+
+    def _get_groupsgpttmpl(self, gpttmpl_path, gpo_display_name):
+        import inspect
+        gpo_groups = list()
+
+        gpt_tmpl = self.get_gpttmpl(gpttmpl_path)
+        gpo_name = gpttmpl_path.split('\\')[6]
+
+        try:
+            group_membership = gpt_tmpl.groupmembership
+        except AttributeError:
+            return list()
+
+        membership = inspect.getmembers(group_membership, lambda x: not(inspect.isroutine(x)))
+        for m in membership:
+            if not m[1]:
+                continue
+            members = list()
+            memberof = list()
+            if m[0].lower().endswith('__memberof'):
+                members.append(m[0].upper().lstrip('*').replace('__MEMBEROF', ''))
+                if not isinstance(m[1], list):
+                    memberof_list = [m[1]]
+                else:
+                    memberof_list = m[1]
+                memberof += [x.lstrip('*') for x in memberof_list]
+            elif m[0].lower().endswith('__members'):
+                memberof.append(m[0].upper().lstrip('*').replace('__MEMBERS', ''))
+                if not isinstance(m[1], list):
+                    members_list = [m[1]]
+                else:
+                    members_list = m[1]
+                members += [x.lstrip('*') for x in members_list]
+
+            if members and memberof:
+                gpo_group = GPOGroup(list())
+                setattr(gpo_group, 'gpodisplayname', gpo_display_name)
+                setattr(gpo_group, 'gponame', gpo_name)
+                setattr(gpo_group, 'gpopath', gpttmpl_path)
+                setattr(gpo_group, 'members', members)
+                setattr(gpo_group, 'memberof', memberof)
+
+                gpo_groups.append(gpo_group)
+
+        return gpo_groups
+
+    def get_netgpogroup(self, queried_gponame='*', queried_displayname=str(),
+                        queried_domain=str(), ads_path=str(), resolve_sids=False):
+        results = list()
+        gpos = self.get_netgpo(queried_gponame=queried_gponame,
+                               queried_displayname=queried_displayname,
+                               queried_domain=queried_domain,
+                               ads_path=ads_path)
+
+        for gpo in gpos:
+            gpo_display_name = gpo.displayname
+
+            groupsxml_path = '{}\\MACHINE\\Preferences\\Groups\\Groups.xml'.format(gpo.gpcfilesyspath)
+            gpttmpl_path = '{}\\MACHINE\\Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf'.format(gpo.gpcfilesyspath)
+
+            results += self._get_groupsxml(groupsxml_path, gpo_display_name)
+            try:
+                results += self._get_groupsgpttmpl(gpttmpl_path, gpo_display_name)
+            except SessionError:
+                # If the GptTmpl file doesn't exist, we skip this
+                pass
+
+        if resolve_sids:
+            for gpo_group in results:
+                members = gpo_group.members
+                memberof = gpo_group.memberof
+
+                resolved_members = list()
+                resolved_memberof = list()
+                with NetRequester(self._domain_controller, self._domain, self._user,
+                                  self._password, self._lmhash, self._nthash) as net_requester:
+                    for member in members:
+                        try:
+                            resolved_member = net_requester.get_adobject(queried_sid=member, queried_domain=queried_domain)[0]
+                            resolved_member = resolved_member.distinguishedname.split(',')
+                            resolved_member_domain = '.'.join(resolved_member[1:])
+                            resolved_member = '{}\\{}'.format(resolved_member_domain, resolved_member[0])
+                            resolved_member = resolved_member.replace('CN=', '').replace('DC=', '')
+                        except IndexError:
+                            resolved_member = member
+                        finally:
+                            resolved_members.append(resolved_member)
+                    gpo_group.members = resolved_members
+
+                    for member in memberof:
+                        try:
+                            resolved_member = net_requester.get_adobject(queried_sid=member, queried_domain=queried_domain)[0]
+                            resolved_member = resolved_member.distinguishedname.split(',')[:2]
+                            resolved_member = '{}\\{}'.format(resolved_member[1], resolved_member[0])
+                            resolved_member = resolved_member.replace('CN=', '').replace('DC=', '')
+                        except IndexError:
+                            resolved_member = member
+                        finally:
+                            resolved_memberof.append(resolved_member)
+                    gpo_group.memberof = memberof = resolved_memberof
+
+        return results
+
+    def find_gpocomputeradmin(self, queried_computername=str(),
+                                 queried_ouname=str(), queried_domain=str(),
+                                 recurse=False):
+
+        results = list()
+        if (not queried_computername) and (not queried_ouname):
+            raise ValueError('You must specify either a computer name or an OU name')
+
+        net_requester = NetRequester(self._domain_controller, self._domain, self._user,
+                                     self._password, self._lmhash, self._nthash)
+        if queried_computername:
+            computers = net_requester.get_netcomputer(queried_computername=queried_computername,
+                                                      queried_domain=queried_domain,
+                                                      full_data=True)
+            if not computers:
+                raise ValueError('Computer {} not found'.format(queried_computername))
+
+            target_ous = list()
+            for computer in computers:
+                dn = computer.distinguishedname
+                for x in dn.split(','):
+                    if x.startswith('OU='):
+                        target_ous.append(dn[dn.find(x):])
+        else:
+            target_ous = [queried_ouname]
+
+        gpo_groups = list()
+        for target_ou in target_ous:
+            ous = net_requester.get_netou(ads_path=target_ou, queried_domain=queried_domain,
+                                          full_data=True)
+
+            for ou in ous:
+                for gplink in ou.gplink.strip('[]').split(']['):
+                    gplink = gplink.split(';')[0]
+                    gpo_groups = self.get_netgpogroup(queried_domain=queried_domain,
+                                                      ads_path=gplink)
+                    for gpo_group in gpo_groups:
+                        for member in gpo_group.members:
+                            obj = net_requester.get_adobject(queried_sid=member,
+                                                             queried_domain=queried_domain)[0]
+                            gpo_computer_admin = GPOComputerAdmin(list())
+                            setattr(gpo_computer_admin, 'computername', queried_computername)
+                            setattr(gpo_computer_admin, 'ou', target_ou)
+                            setattr(gpo_computer_admin, 'gpodisplayname', gpo_group.gpodisplayname)
+                            setattr(gpo_computer_admin, 'gpopath', gpo_group.gpopath)
+                            setattr(gpo_computer_admin, 'objectname', obj.name)
+                            setattr(gpo_computer_admin, 'objectdn', obj.distinguishedname)
+                            setattr(gpo_computer_admin, 'objectsid', member)
+                            setattr(gpo_computer_admin, 'isgroup', (obj.samaccounttype != '805306368'))
+
+                            results.append(gpo_computer_admin)
+
+                            if recurse and gpo_computer_admin.isgroup:
+                                groups_to_resolve = [gpo_computer_admin.objectsid]
+                                while groups_to_resolve:
+                                    group_to_resolve = groups_to_resolve.pop(0)
+                                    group_members = net_requester.get_netgroupmember(queried_sid=group_to_resolve,
+                                                                                     queried_domain=queried_domain,
+                                                                                     full_data=True)
+                                    for group_member in group_members:
+                                        gpo_computer_admin = GPOComputerAdmin(list())
+                                        setattr(gpo_computer_admin, 'computername', queried_computername)
+                                        setattr(gpo_computer_admin, 'ou', target_ou)
+                                        setattr(gpo_computer_admin, 'gpodisplayname', gpo_group.gpodisplayname)
+                                        setattr(gpo_computer_admin, 'gpopath', gpo_group.gpopath)
+                                        setattr(gpo_computer_admin, 'objectname', group_member.samaccountname)
+                                        setattr(gpo_computer_admin, 'objectdn', group_member.distinguishedname)
+                                        setattr(gpo_computer_admin, 'objectsid', member)
+                                        setattr(gpo_computer_admin, 'isgroup', (group_member.samaccounttype != '805306368'))
+
+                                        results.append(gpo_computer_admin)
+
+                                        if gpo_computer_admin.isgroup:
+                                            groups_to_resolve.append(group_member.objectsid)
+
+        return results
+
+    def find_gpolocation(self, queried_username=str(), queried_groupname=str(),
+                         queried_localgroup=str(), queried_domain=str()):
+        results = list()
+        net_requester = NetRequester(self._domain_controller, self._domain, self._user,
+                                     self._password, self._lmhash, self._nthash)
+        if queried_username:
+                try:
+                    user = net_requester.get_netuser(queried_username=queried_username,
+                                                     queried_domain=queried_domain)[0]
+                except IndexError:
+                    raise ValueError('Username \'{}\' was not found'.format(queried_username))
+                else:
+                    target_sid = [user.objectsid]
+                    object_sam_account_name = user.samaccountname
+                    object_distinguished_name = user.distinguishedname
+        elif queried_groupname:
+                try:
+                    group = net_requester.get_netgroup(queried_groupname=queried_groupname,
+                                                       queried_domain=queried_domain,
+                                                       full_data=True)[0]
+                except IndexError:
+                    raise ValueError('Group name \'{}\' was not found'.format(queried_groupname))
+                else:
+                    target_sid = [group.objectsid]
+                    object_sam_account_name = group.samaccountname
+                    object_distinguished_name = group.distinguishedname
+        else:
+            raise ValueError('You must specify either a username or a group name')
+
+        if 'admin' in queried_localgroup.lower():
+            local_sid = 'S-1-5-32-544'
+        elif 'rdp' in queried_localgroup.lower():
+            local_sid = 'S-1-5-32-555'
+        elif queried_localgroup.upper().startswith('S-1-5'):
+            local_sid = queried_localgroup
+        else:
+            raise ValueError('The queried local group must be in \'Administrators\', ' \
+                    '\'RDP\', or a \'S-1-5\' type SID')
+
+        object_groups = net_requester.get_netgroup(queried_username=object_sam_account_name,
+                                                   queried_domain=queried_domain)
+        for object_group in object_groups:
+            try:
+                object_group_sid = net_requester.get_adobject(queried_sam_account_name=object_group.samaccountname,
+                                                              queried_domain=queried_domain)[0].objectsid
+            except IndexError:
+                # We may have the name of the group, but not its sam account name
+                try:
+                    object_group_sid = net_requester.get_adobject(queried_name=object_group.samaccountname,
+                                                                  queried_domain=queried_domain)[0].objectsid
+                except IndexError:
+                    # Freak accident when someone is a member of a group, but
+                    # we can't find the group in the AD
+                    continue
+
+            target_sid.append(object_group_sid)
+
+        gpo_groups = list()
+        for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
+            try:
+                for member in gpo_group.members:
+                    if not member.upper().startswith('S-1-5'):
+                        try:
+                            member = net_requester.get_adobject(queried_sam_account_name=member,
+                                                                queried_domain=queried_domain)[0].objectsid
+                        except (IndexError, AttributeError):
+                            continue
+                    if (member.upper() in target_sid) or (member.lower() in target_sid):
+                        if (local_sid.upper() in gpo_group.memberof) or \
+                                (local_sid.lower() in gpo_group.memberof):
+                            gpo_groups.append(gpo_group)
+                            break
+            except AttributeError:
+                continue
+
+        for gpo_group in gpo_groups:
+            gpo_guid = gpo_group.gponame
+            ous = net_requester.get_netou(queried_domain=queried_domain,
+                                          queried_guid=gpo_guid, full_data=True)
+            for ou in ous:
+                # TODO: support filters for GPO
+                ou_computers = [x.dnshostname for x in \
+                        net_requester.get_netcomputer(queried_domain=queried_domain,
+                                                      ads_path=ou.distinguishedname)]
+                gpo_location = GPOLocation(list())
+                setattr(gpo_location, 'objectname', object_distinguished_name)
+                setattr(gpo_location, 'gponame', gpo_group.gpodisplayname)
+                setattr(gpo_location, 'gpoguid', gpo_guid)
+                setattr(gpo_location, 'containername', ou.distinguishedname)
+                setattr(gpo_location, 'computers', ou_computers)
+
+                results.append(gpo_location)
+
+        return results
+
diff --git a/pywerview/functions/hunting.py b/pywerview/functions/hunting.py
new file mode 100644
index 0000000..d1393c4
--- /dev/null
+++ b/pywerview/functions/hunting.py
@@ -0,0 +1,267 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+import random
+import multiprocessing
+import select
+
+import pywerview.objects.rpcobjects as rpcobj
+from pywerview.functions.net import NetRequester
+from pywerview.functions.misc import Misc
+from pywerview.worker.hunting import UserHunterWorker, ProcessHunterWorker, EventHunterWorker
+
+class Hunter(NetRequester):
+    def __init__(self, target_computer, domain=str(), user=(), password=str(),
+                 lmhash=str(), nthash=str(), domain_controller=str(), queried_domain=str()):
+        NetRequester.__init__(self, target_computer, domain, user, password,
+                              lmhash, nthash, domain_controller)
+        self._target_domains = list()
+        self._target_computers = list()
+        self._target_users = list()
+        self._parent_pipes = list()
+        self._workers = list()
+
+    def _build_target_domains(self, queried_domain=str()):
+        # TODO: implement forest search
+        if not queried_domain:
+            queried_domain = self._domain
+        self._queried_domain = queried_domain
+        self._target_domains = [self._queried_domain]
+
+    def _build_target_computers(self, queried_computername=list(), queried_computerfile=None,
+                                queried_computerfilter=str(), queried_computeradspath=str(),
+                                unconstrained=False, stealth=False,
+                                stealth_source=['dfs', 'dc', 'file']):
+        if queried_computername:
+            self._target_computers = queried_computername
+
+        if not self._target_computers:
+            if queried_computerfile:
+                with queried_computerfile as _:
+                    self._target_computers = [x.rstrip('\n') for x in queried_computerfile.readlines()]
+
+            elif stealth:
+                for target_domain in self._target_domains:
+                    for source in stealth_source:
+                        if source == 'dfs':
+                            self._target_computers += [x.remoteservername \
+                                    for x in self.get_dfsshare(queried_domain=target_domain)]
+                        elif source == 'dc':
+                            self._target_computers += [x.dnshostname \
+                                    for x in self.get_netdomaincontroller(queried_domain=target_domain)]
+                        elif source == 'file':
+                            self._target_computers += [x.dnshostname \
+                                    for x in self.get_netfileserver(queried_domain=target_domain)]
+            else:
+                for target_domain in self._target_domains:
+                    self._target_computers = [x.dnshostname for x in self.get_netcomputer(
+                        queried_domain=target_domain, unconstrained=unconstrained,
+                        ads_path=queried_computeradspath, custom_filter=queried_computerfilter)]
+
+        # TODO: automatically convert server names to IP address (DNS, LLMNR, NBT-NS, etc.)
+        self._target_computers = list(set(self._target_computers))
+        random.shuffle(self._target_computers)
+
+        if not self._target_computer:
+            raise ValueError('No computers to search against')
+
+    def _build_target_users(self, queried_groupname=str(), target_server=str(),
+                            queried_username=str(), queried_userfilter=str(),
+                            queried_useradspath=str(), queried_userfile=None,
+                            admin_count=False, allow_delegation=False,
+                            show_all=False, foreign_users=False):
+        if show_all or foreign_users:
+            attributes = {'memberdomain': str(), 'membername': str()}
+            self._target_users.append(rpcobj.TargetUser(attributes))
+        elif target_server:
+            with NetRequester(target_server, domain, user, password, lmhash,
+                              nthash, domain_controller) as target_server_requester:
+                for x in target_server_requester.get_netlocalgroup(recurse=True):
+                    if x.isdomain and not x.isgroup:
+                        attributes = {'memberdomain': x.name.split('/')[0].lower(),
+                                      'membername': x.name.split('/')[1].lower()}
+
+                        self._target_users.append(rpcobj.TargetUser(attributes))
+        elif queried_userfile:
+            with queried_userfile as _:
+                for x in queried_userfile.readlines():
+                    attributes = dict()
+                    attributes['membername'] = x.rstrip('\n')
+                    attributes['memberdomain'] = self._target_domains[0]
+
+                    self._target_users.append(rpcobj.TargetUser(attributes))
+        elif queried_username:
+            attributes = dict()
+            attributes['membername'] = queried_username.lower()
+            attributes['memberdomain'] = self._target_domains[0]
+
+            self._target_users.append(rpcobj.TargetUser(attributes))
+        elif queried_useradspath or queried_userfilter or admin_count or allow_delegation:
+            for target_domain in self._target_domains:
+                for x in self.get_netuser(ads_path=queried_useradspath,
+                                          custom_filter=queried_userfilter,
+                                          admin_count=admin_count,
+                                          allow_delegation=allow_delegation,
+                                          queried_domain=target_domain):
+                            attributes = dict()
+                            attributes['memberdomain'] = target_domain
+                            attributes['membername'] = x.samaccountname
+
+                            self._target_users.append(rpcobj.TargetUser(attributes))
+        else:
+            for target_domain in self._target_domains:
+                self._target_users += self.get_netgroupmember(queried_domain=target_domain,
+                                                              queried_groupname=queried_groupname,
+                                                              recurse=True)
+
+        self._target_users = list(set(self._target_users))
+
+        if (not show_all) and (not foreign_users) and (not self._target_users):
+            raise ValueError('No users to search for')
+
+    def _build_workers(self, threads, worker_class, worker_args):
+        for i in range(threads):
+            parent_pipe, worker_pipe = multiprocessing.Pipe()
+            self._parent_pipes.append(parent_pipe)
+            worker = worker_class(worker_pipe, self._domain, self._user,
+                                            self._password, self._lmhash, self._nthash,
+                                            *worker_args)
+
+            worker.start()
+            self._workers.append(worker)
+
+    def _process_workers(self):
+        jobs_done, total_jobs = 0, len(self._target_computers)
+        try:
+            while jobs_done < total_jobs:
+                if self._target_computers:
+                    write_watch_list = self._parent_pipes
+                else:
+                    write_watch_list = list()
+                rlist, wlist, _ = select.select(self._parent_pipes, write_watch_list, list())
+
+                for readable in rlist:
+                    jobs_done += 1 
+                    results = readable.recv()
+                    for result in results:
+                        yield result
+                for writable in wlist:
+                    try:
+                        target_computer = self._target_computers.pop(0)
+                        writable.send(target_computer)
+                    except IndexError:
+                        pass
+        except KeyboardInterrupt:
+            pass
+        finally:
+            for worker in self._workers:
+                worker.terminate()
+
+class UserHunter(Hunter):
+    def invoke_userhunter(self, queried_computername=list(), queried_computerfile=None,
+            queried_computerfilter=str(), queried_computeradspath=str(),
+            unconstrained=False, queried_groupname=str(), target_server=str(),
+            queried_username=str(), queried_userfilter=str(), queried_useradspath=str(),
+            queried_userfile=None, threads=1, admin_count=False, allow_delegation=False,
+            stop_on_success=False, check_access=False, queried_domain=str(), stealth=False,
+            stealth_source=['dfs', 'dc', 'file'], show_all=False, foreign_users=False):
+
+        self._build_target_domains(queried_domain)
+
+        self._build_target_computers(queried_computername=queried_computername,
+                                     queried_computerfile=queried_computerfile,
+                                     queried_computerfilter=queried_computerfilter,
+                                     queried_computeradspath=queried_computeradspath,
+                                     unconstrained=unconstrained, stealth=stealth,
+                                     stealth_source=stealth_source)
+
+        self._build_target_users(queried_groupname=queried_groupname,
+                                 target_server=target_server,
+                                 queried_username=queried_username,
+                                 queried_userfilter=queried_userfilter,
+                                 queried_useradspath=queried_useradspath,
+                                 queried_userfile=queried_userfile,
+                                 admin_count=admin_count, allow_delegation=allow_delegation,
+                                 show_all=show_all, foreign_users=foreign_users)
+
+        if foreign_users:
+            with Misc(self._domain_controller, self._domain, self._user,
+                      self._password, self._lmhash, self._nthash) as misc_requester:
+                domain_sid = misc_requester.get_domainsid(queried_domain)
+                domain_short_name = misc_requester.convert_sidtont4(domain_sid).split('\\')[0]
+        else:
+            domain_short_name = None
+
+        self._build_workers(threads, UserHunterWorker, (foreign_users, stealth,
+                                                        self._target_users,
+                                                        domain_short_name, check_access))
+        return self._process_workers()
+
+class ProcessHunter(Hunter):
+    def invoke_processhunter(self, queried_computername=list(), queried_computerfile=None,
+            queried_computerfilter=str(), queried_computeradspath=str(),
+            queried_processname=list(), queried_groupname=str(), target_server=str(),
+            queried_username=str(), queried_userfilter=str(), queried_useradspath=str(),
+            queried_userfile=None, threads=1, stop_on_success=False, queried_domain=str(),
+            show_all=False):
+
+        self._build_target_domains(queried_domain)
+
+        self._build_target_computers(queried_computername=queried_computername,
+                                     queried_computerfile=queried_computerfile,
+                                     queried_computerfilter=queried_computerfilter,
+                                     queried_computeradspath=queried_computeradspath)
+
+        self._build_target_users(queried_groupname=queried_groupname,
+                                 target_server=target_server,
+                                 queried_username=queried_username,
+                                 queried_userfilter=queried_userfilter,
+                                 queried_useradspath=queried_useradspath,
+                                 queried_userfile=queried_userfile,
+                                 show_all=show_all)
+
+        self._build_workers(threads, ProcessHunterWorker, (queried_processname,
+                                                           self._target_users))
+
+        return self._process_workers()
+
+class EventHunter(Hunter):
+    def invoke_eventhunter(self, queried_computername=list(), queried_computerfile=None,
+                           queried_computerfilter=str(), queried_computeradspath=str(),
+                           queried_groupname=str(), target_server=str(), queried_username=str(),
+                           queried_useradspath=str(), queried_userfilter=str(),
+                           queried_userfile=None, threads=1, queried_domain=str(),
+                           search_days=3):
+
+        self._build_target_domains(queried_domain)
+
+        self._build_target_computers(queried_computername=queried_computername,
+                                     queried_computerfile=queried_computerfile,
+                                     queried_computerfilter=queried_computerfilter,
+                                     queried_computeradspath=queried_computeradspath)
+
+        self._build_target_users(queried_groupname=queried_groupname,
+                                 target_server=target_server,
+                                 queried_username=queried_username,
+                                 queried_userfilter=queried_userfilter,
+                                 queried_useradspath=queried_useradspath,
+                                 queried_userfile=queried_userfile)
+
+        self._build_workers(threads, EventHunterWorker, (search_days,
+                                                         self._target_users))
+
+        return self._process_workers()
diff --git a/pywerview/functions/misc.py b/pywerview/functions/misc.py
new file mode 100644
index 0000000..8b772ec
--- /dev/null
+++ b/pywerview/functions/misc.py
@@ -0,0 +1,77 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5 import scmr, drsuapi
+
+from pywerview.requester import LDAPRPCRequester
+import pywerview.functions.net
+
+class Misc(LDAPRPCRequester):
+    @LDAPRPCRequester._rpc_connection_init(r'\drsuapi')
+    def convert_sidtont4(self, sid):
+
+        # We get a DRS handle, shamelessly stolen from secretsdump.py
+        request = drsuapi.DRSBind()
+        request['puuidClientDsa'] = drsuapi.NTDSAPI_CLIENT_GUID
+        drs = drsuapi.DRS_EXTENSIONS_INT()
+        drs['cb'] = len(drs) #- 4
+        drs['dwFlags'] = drsuapi.DRS_EXT_GETCHGREQ_V6 | drsuapi.DRS_EXT_GETCHGREPLY_V6 | drsuapi.DRS_EXT_GETCHGREQ_V8 | \
+                         drsuapi.DRS_EXT_STRONG_ENCRYPTION
+        drs['SiteObjGuid'] = drsuapi.NULLGUID
+        drs['Pid'] = 0
+        drs['dwReplEpoch'] = 0
+        drs['dwFlagsExt'] = 0
+        drs['ConfigObjGUID'] = drsuapi.NULLGUID
+        drs['dwExtCaps'] = 0xffffffff
+        request['pextClient']['cb'] = len(drs)
+        request['pextClient']['rgb'] = list(str(drs))
+
+        hdrs = self._rpc_connection.request(request)['phDrs']
+
+        resp = drsuapi.hDRSCrackNames(self._rpc_connection, hdrs, 0x0, 11, 2, (sid,))
+
+        return resp['pmsgOut']['V1']['pResult']['rItems'][0]['pName']
+
+    def get_domainsid(self, queried_domain=str()):
+
+        with pywerview.functions.net.NetRequester(self._domain_controller, self._domain, self._user,
+                                                  self._password, self._lmhash, self._nthash) as r:
+            domain_controllers = r.get_netdomaincontroller(queried_domain=queried_domain)
+
+        if domain_controllers:
+            primary_dc = domain_controllers[0]
+            domain_sid = '-'.join(primary_dc.objectsid.split('-')[:-1])
+        else:
+            domain_sid = None
+
+        return domain_sid
+
+    @LDAPRPCRequester._rpc_connection_init(r'\svcctl')
+    def invoke_checklocaladminaccess(self):
+
+        try:
+            # 0xF003F - SC_MANAGER_ALL_ACCESS
+            # http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx
+            ans = scmr.hROpenSCManagerW(self._rpc_connection,
+                                        '{}\x00'.format(self._target_computer),
+                                        'ServicesActive\x00', 0xF003F)
+        except DCERPCException:
+            return False
+
+        return True
+
diff --git a/pywerview/functions/net.py b/pywerview/functions/net.py
new file mode 100644
index 0000000..8c996fc
--- /dev/null
+++ b/pywerview/functions/net.py
@@ -0,0 +1,743 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+import socket
+import datetime
+from impacket.dcerpc.v5.ndr import NULL
+from impacket.dcerpc.v5 import wkst, srvs, samr
+from impacket.dcerpc.v5.samr import DCERPCSessionError
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5.dcom.wmi import WBEM_FLAG_FORWARD_ONLY
+from bs4 import BeautifulSoup
+from ldap3.utils.conv import escape_filter_chars
+
+from pywerview.requester import LDAPRPCRequester
+import pywerview.objects.adobjects as adobj
+import pywerview.objects.rpcobjects as rpcobj
+import pywerview.functions.misc
+
+class NetRequester(LDAPRPCRequester):
+    @LDAPRPCRequester._ldap_connection_init
+    def get_adobject(self, queried_domain=str(), queried_sid=str(),
+                     queried_name=str(), queried_sam_account_name=str(),
+                     ads_path=str(), custom_filter=str()):
+
+        for attr_desc, attr_value in (('objectSid', queried_sid), ('name', queried_name),
+                                      ('samAccountName', queried_sam_account_name)):
+            if attr_value:
+                object_filter = '(&({}={}){})'.format(attr_desc, attr_value, custom_filter)
+                break
+
+        return self._ldap_search(object_filter, adobj.ADObject)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netuser(self, queried_username=str(), queried_domain=str(),
+                    ads_path=str(), admin_count=False, spn=False,
+                    unconstrained=False, allow_delegation=False,
+                    preauth_notreq=False,
+                    custom_filter=str(), attributes=[]):
+
+        if unconstrained:
+            custom_filter += '(userAccountControl:1.2.840.113556.1.4.803:=524288)'
+
+        if allow_delegation:
+            custom_filter += '(!(userAccountControl:1.2.840.113556.1.4.803:=1048574))'
+
+        if admin_count:
+            custom_filter += '(admincount=1)'
+        # LDAP filter from https://www.harmj0y.net/blog/activedirectory/roasting-as-reps/
+        if preauth_notreq:
+            custom_filter += '(userAccountControl:1.2.840.113556.1.4.803:=4194304)'
+        user_search_filter = '(samAccountType=805306368){}'.format(custom_filter)
+        if queried_username:
+            user_search_filter += '(samAccountName={})'.format(queried_username)
+        elif spn:
+            user_search_filter += '(servicePrincipalName=*)'
+
+        user_search_filter = '(&{})'.format(user_search_filter)
+
+        return self._ldap_search(user_search_filter, adobj.User, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netgroup(self, queried_groupname='*', queried_sid=str(),
+                     queried_username=str(), queried_domain=str(),
+                     ads_path=str(), admin_count=False, full_data=False,
+                     custom_filter=str()):
+
+        # RFC 4515, section 3
+        # However if we escape *, we can no longer use wildcard within `--groupname`
+        # Maybe we can raise a warning here ? 
+        if not '*' in queried_groupname:
+            queried_groupname = escape_filter_chars(queried_groupname)
+
+        if queried_username:
+            results = list()
+            sam_account_name_to_resolve = [queried_username]
+            first_run = True
+            while sam_account_name_to_resolve:
+                sam_account_name = escape_filter_chars(sam_account_name_to_resolve.pop(0))
+                if first_run:
+                    first_run = False
+                    if admin_count:
+                        custom_filter = '(&{}(admincount=1))'.format(custom_filter)
+                    objects = self.get_adobject(queried_sam_account_name=sam_account_name,
+                                                queried_domain=queried_domain,
+                                                ads_path=ads_path, custom_filter=custom_filter)
+                    objects += self.get_adobject(queried_name=sam_account_name,
+                                                 queried_domain=queried_domain,
+                                                 ads_path=ads_path, custom_filter=custom_filter)
+                else:
+                    objects = self.get_adobject(queried_sam_account_name=sam_account_name,
+                                                queried_domain=queried_domain)
+                    objects += self.get_adobject(queried_name=sam_account_name,
+                                                 queried_domain=queried_domain)
+
+                for obj in objects:
+                    try:
+                        if not isinstance(obj.memberof, list):
+                            obj.memberof = [obj.memberof]
+                    except AttributeError:
+                        continue
+                    for group_dn in obj.memberof:
+                        group_sam_account_name = group_dn.split(',')[0].split('=')[1]
+                        if not group_sam_account_name in results:
+                            results.append(group_sam_account_name)
+                            sam_account_name_to_resolve.append(group_sam_account_name)
+            final_results = list()
+            for group_sam_account_name in results:
+                obj_member_of = adobj.Group(list())
+                setattr(obj_member_of, 'samaccountname', group_sam_account_name)
+                final_results.append(obj_member_of)
+            return final_results
+        else:
+            if admin_count:
+                custom_filter += '(admincount=1)'
+
+            group_search_filter = custom_filter
+            group_search_filter += '(objectCategory=group)'
+
+            if queried_sid:
+                group_search_filter += '(objectSid={})'.format(queried_sid)
+            elif queried_groupname:
+                group_search_filter += '(name={})'.format(queried_groupname)
+
+            if full_data:
+                attributes=list()
+            else:
+                attributes=['samaccountname']
+
+            group_search_filter = '(&{})'.format(group_search_filter)
+            return self._ldap_search(group_search_filter, adobj.Group, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netcomputer(self, queried_computername='*', queried_spn=str(),
+                        queried_os=str(), queried_sp=str(), queried_domain=str(),
+                        ads_path=str(), printers=False, unconstrained=False,
+                        ping=False, full_data=False, custom_filter=str(), attributes=[]):
+
+        if unconstrained:
+            custom_filter += '(userAccountControl:1.2.840.113556.1.4.803:=524288)'
+
+        if printers:
+            custom_filter += '(objectCategory=printQueue)'
+
+        computer_search_filter = '(samAccountType=805306369){}'.format(custom_filter)
+        for (attr_desc, attr_value) in (('servicePrincipalName', queried_spn),
+                ('operatingSystem', queried_os), ('operatingsystemservicepack', queried_sp),
+                ('dnsHostName', queried_computername)):
+            if attr_value:
+                computer_search_filter += '({}={})'.format(attr_desc, attr_value)
+
+        if full_data:
+            attributes=list()
+        else:
+            if not attributes:
+                attributes=['dnsHostName']
+
+        computer_search_filter = '(&{})'.format(computer_search_filter)
+
+        return self._ldap_search(computer_search_filter, adobj.Computer, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netdomaincontroller(self, queried_domain=str()):
+
+        domain_controller_filter = '(userAccountControl:1.2.840.113556.1.4.803:=8192)'
+
+        return self.get_netcomputer(queried_domain=queried_domain, full_data=True,
+                                    custom_filter=domain_controller_filter)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netfileserver(self, queried_domain=str(), target_users=list()):
+
+        def split_path(path):
+            split_path = path.split('\\')
+            if len(split_path) >= 3:
+                return split_path[2]
+
+        file_server_attributes = ['homedirectory', 'scriptpath', 'profilepath']
+        results = set()
+        if target_users:
+            users = list()
+            for target_user in target_users:
+                users += self.get_netuser(target_user, queried_domain,
+                        attributes=file_server_attributes)
+        else:
+            users = self.get_netuser(queried_domain=queried_domain,
+                    attributes=file_server_attributes)
+
+        for user in users:
+            for full_path in (user.homedirectory, user.scriptpath, user.profilepath):
+                if not full_path:
+                    continue
+                path = split_path(full_path)
+                if path:
+                    results.add(path)
+
+        final_results = list()
+        for file_server_name in results:
+            attributes = list()
+            attributes.append({'type': 'dnshostname', 'vals': [file_server_name]})
+            final_results.append(adobj.FileServer(attributes))
+
+        return final_results
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_dfsshare(self, version=['v1', 'v2'], queried_domain=str(), ads_path=str()):
+
+        def _get_dfssharev1():
+            dfs_search_filter = '(objectClass=fTDfs)'
+
+            intermediate_results = self._ldap_search(dfs_search_filter, adobj.ADObject,
+                                                attributes=['remoteservername', 'name'])
+            results = list()
+            for dfs in intermediate_results:
+                for remote_server in dfs.remoteservername:
+                    remote_server = str(remote_server)
+                    if '\\' in remote_server:
+                        attributes = list()
+                        attributes.append({'type': 'name', 'vals': [dfs.name]})
+                        attributes.append({'type': 'remoteservername', 'vals': [remote_server.split('\\')[2]]})
+                        results.append(adobj.DFS(attributes))
+
+            return results
+
+        def _get_dfssharev2():
+            dfs_search_filter = '(objectClass=msDFS-Linkv2)'
+
+            intermediate_results = self._ldap_search(dfs_search_filter, adobj.ADObject,
+                                                attributes=['msdfs-linkpathv2','msDFS-TargetListv2'])
+            results = list()
+            for dfs in intermediate_results:
+                attributes = list()
+
+                share_name = getattr(dfs, 'msdfs-linkpathv2')
+
+                xml_target_list = getattr(dfs, 'msdfs-targetlistv2')[2:].decode('utf-16le')
+                soup_target_list = BeautifulSoup(xml_target_list, 'xml')
+                for target in soup_target_list.targets.contents:
+                    if '\\' in target.string:
+                        server_name, dfs_root = target.string.split('\\')[2:4]
+                        attributes.append({'type': 'remoteservername',
+                                          'vals': [server_name]})
+                        attributes.append({'type': 'name',
+                                           'vals': ['{}{}'.format(dfs_root, share_name)]})
+
+                results.append(adobj.DFS(attributes))
+
+            return results
+
+        version_to_function = {'v1': _get_dfssharev1, 'v2': _get_dfssharev2}
+        results = list()
+
+        for v in version:
+            results += version_to_function[v]()
+
+        return results
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netou(self, queried_domain=str(), queried_ouname='*',
+                  queried_guid=str(), ads_path=str(), full_data=False):
+
+        ou_search_filter = '(objectCategory=organizationalUnit)'
+
+        if queried_ouname:
+            ou_search_filter += '(name={})'.format(queried_ouname)
+
+        if queried_guid:
+            ou_search_filter += '(gplink=*{}*)'.format(queried_guid)
+
+        if full_data:
+            attributes = list()
+        else:
+            attributes = ['distinguishedName']
+
+        ou_search_filter = '(&{})'.format(ou_search_filter)
+
+        return self._ldap_search(ou_search_filter, adobj.OU, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netsite(self, queried_domain=str(), queried_sitename=str(),
+                    queried_guid=str(), ads_path=str(), ads_prefix=str(),
+                    full_data=False):
+
+        site_search_filter = '(objectCategory=site)'
+
+        if queried_sitename:
+            site_search_filter += '(name={})'.format(queried_sitename)
+
+        if queried_guid:
+            site_search_filter += '(gplink=*{}*)'.format(queried_guid)
+
+        if full_data:
+            attributes = list()
+        else:
+            attributes = ['name']
+
+        site_search_filter = '(&{})'.format(site_search_filter)
+
+        return self._ldap_search(site_search_filter, adobj.Site, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netsubnet(self, queried_domain=str(), queried_sitename=str(),
+                      ads_path=str(), ads_prefix=str(), full_data=False):
+
+        subnet_search_filter = '(objectCategory=subnet)'
+
+        if queried_sitename:
+            if not queried_sitename.endswith('*'):
+                queried_sitename += '*'
+            subnet_search_filter += '(siteobject=*CN={})'.format(queried_sitename)
+
+        if full_data:
+            attributes = list()
+        else:
+            attributes = ['name', 'siteobject']
+
+        subnet_search_filter = '(&{})'.format(subnet_search_filter)
+
+        return self._ldap_search(subnet_search_filter, adobj.Subnet, attributes=attributes)
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netgroupmember(self, queried_groupname=str(), queried_sid=str(),
+                           queried_domain=str(), ads_path=str(), recurse=False,
+                           use_matching_rule=False, full_data=False,
+                           custom_filter=str()):
+
+        def _get_members(_groupname=str(), _sid=str()):
+            try:
+                # `--groupname` option is supplied
+                if _groupname:
+                    groups = self.get_netgroup(queried_groupname=_groupname,
+                                               queried_domain=queried_domain,
+                                               full_data=True)
+
+                # `--groupname` option is missing, falling back to the "Domain Admins"
+                else:
+                    if _sid:
+                        queried_sid = _sid
+                    else:
+                        with pywerview.functions.misc.Misc(self._domain_controller,
+                                                           self._domain, self._user,
+                                                           self._password, self._lmhash,
+                                                           self._nthash) as misc_requester:
+                            queried_sid = misc_requester.get_domainsid(queried_domain) + '-512'
+                    groups = self.get_netgroup(queried_sid=queried_sid,
+                                               queried_domain=queried_domain,
+                                               full_data=True)
+            except IndexError:
+                raise ValueError('The group {} was not found'.format(_groupname))
+
+            final_members = list()
+
+            for group in groups:
+                members = list()
+                if recurse and use_matching_rule:
+                    group_memberof_filter = '(&(samAccountType=805306368)(memberof:1.2.840.113556.1.4.1941:={}){})'.format(group.distinguishedname, custom_filter)
+
+                    members = self.get_netuser(custom_filter=group_memberof_filter,
+                                               queried_domain=queried_domain)
+                else:
+                    # TODO: range cycling
+                    try:
+                        for member in group.member:
+                            # RFC 4515, section 3
+                            member = escape_filter_chars(member, encoding='utf-8')
+                            dn_filter = '(distinguishedname={}){}'.format(member, custom_filter)
+                            members += self.get_netuser(custom_filter=dn_filter, queried_domain=queried_domain)
+                            members += self.get_netgroup(custom_filter=dn_filter, queried_domain=queried_domain, full_data=True)
+                    # The group doesn't have any members
+                    except AttributeError:
+                        continue
+
+                for member in members:
+                    if full_data:
+                        final_member = member
+                    else:
+                        final_member = adobj.ADObject(list())
+
+                    member_dn = member.distinguishedname
+                    try:
+                        member_domain = member_dn[member_dn.index('DC='):].replace('DC=', '').replace(',', '.')
+                    except IndexError:
+                        member_domain = str()
+                    is_group = (member.samaccounttype != '805306368')
+
+                    attributes = dict()
+                    if queried_domain:
+                        attributes['groupdomain'] = queried_domain
+                    else:
+                        attributes['groupdomain'] = self._domain
+                    attributes['groupname'] = group.name
+                    attributes['membername'] = member.samaccountname
+                    attributes['memberdomain'] = member_domain
+                    attributes['isgroup'] = is_group
+                    attributes['memberdn'] = member_dn
+                    attributes['membersid'] = member.objectsid
+
+                    final_member.add_attributes(attributes)
+
+                    final_members.append(final_member)
+
+            return final_members
+
+        results = list()
+        groups_to_process = [(queried_groupname, queried_sid)]
+
+        while groups_to_process:
+            groupname, sid = groups_to_process.pop(0)
+            members = _get_members(groupname, sid)
+
+            for member in members:
+                results.append(member)
+                if (recurse and (not use_matching_rule) and member.isgroup and member.membername):
+                    groups_to_process.append((member.membername, str()))
+
+        return results
+
+    @LDAPRPCRequester._ldap_connection_init
+    def get_netdomaintrust(self, queried_domain):
+        trust_search_filter = '(&(objectClass=trustedDomain))'
+
+        return self._ldap_search(trust_search_filter, adobj.Trust)
+
+    @LDAPRPCRequester._rpc_connection_init(r'\srvsvc')
+    def get_netsession(self):
+
+        try:
+            resp = srvs.hNetrSessionEnum(self._rpc_connection, '\x00', NULL, 10)
+        except DCERPCException:
+            return list()
+
+        results = list()
+        for session in resp['InfoStruct']['SessionInfo']['Level10']['Buffer']:
+            results.append(rpcobj.Session(session))
+
+        return results
+
+    @LDAPRPCRequester._rpc_connection_init(r'\srvsvc')
+    def get_netshare(self):
+
+        resp = srvs.hNetrShareEnum(self._rpc_connection, 1)
+
+        results = list()
+        for share in resp['InfoStruct']['ShareInfo']['Level1']['Buffer']:
+            results.append(rpcobj.Share(share))
+
+        return results
+
+    @LDAPRPCRequester._rpc_connection_init(r'\srvsvc')
+    def get_localdisks(self):
+
+        resp = srvs.hNetrServerDiskEnum(self._rpc_connection, 0)
+
+        results = list()
+        for disk in resp['DiskInfoStruct']['Buffer']:
+            if disk['Disk'] != '\x00':
+                results.append(rpcobj.Disk(disk))
+
+        return results
+
+    @LDAPRPCRequester._rpc_connection_init(r'\samr')
+    def get_netdomain(self):
+
+        resp = samr.hSamrConnect(self._rpc_connection)
+        server_handle = resp['ServerHandle']
+
+        # We first list every domain in the SAM
+        resp = samr.hSamrEnumerateDomainsInSamServer(self._rpc_connection, server_handle)
+
+        results = list()
+        for domain in resp['Buffer']['Buffer']:
+            results.append(domain['Name'])
+
+        return results
+
+    @LDAPRPCRequester._rpc_connection_init(r'\wkssvc')
+    def get_netloggedon(self):
+
+        try:
+            resp = wkst.hNetrWkstaUserEnum(self._rpc_connection, 1)
+        except DCERPCException:
+            return list()
+
+        results = list()
+        for wksta_user in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
+            results.append(rpcobj.WkstaUser(wksta_user))
+
+        return results
+
+    # TODO: if self._target_computer == self._domain_controller, check that
+    # self._domain_controller is indeed a domain controller
+    @LDAPRPCRequester._ldap_connection_init
+    @LDAPRPCRequester._rpc_connection_init(r'\samr')
+    def get_netlocalgroup(self, queried_groupname=str(), list_groups=False,
+                          recurse=False):
+        from impacket.nt_errors import STATUS_MORE_ENTRIES
+        results = list()
+
+        resp = samr.hSamrConnect(self._rpc_connection)
+        server_handle = resp['ServerHandle']
+
+        # We first list every domain in the SAM
+        resp = samr.hSamrEnumerateDomainsInSamServer(self._rpc_connection, server_handle)
+        domains = resp['Buffer']['Buffer']
+        domain_handles = dict()
+        for local_domain in domains:
+            resp = samr.hSamrLookupDomainInSamServer(self._rpc_connection, server_handle, local_domain['Name'])
+            domain_sid = 'S-1-5-{}'.format('-'.join(str(x) for x in resp['DomainId']['SubAuthority']))
+            resp = samr.hSamrOpenDomain(self._rpc_connection, serverHandle=server_handle, domainId=resp['DomainId'])
+            domain_handles[domain_sid] = resp['DomainHandle']
+
+        # If we list the groups
+        if list_groups:
+            # We browse every domain
+            for domain_sid, domain_handle in domain_handles.items():
+                # We enumerate local groups in every domain
+                enumeration_context = 0
+                groups = list()
+                while True:
+                    resp = samr.hSamrEnumerateAliasesInDomain(self._rpc_connection, domain_handle,
+                            enumerationContext=enumeration_context)
+                    groups += resp['Buffer']['Buffer']
+
+                    enumeration_context = resp['EnumerationContext']
+                    if resp['ErrorCode'] != STATUS_MORE_ENTRIES:
+                        break
+
+                # We get information on every group
+                for group in groups:
+                    resp = samr.hSamrRidToSid(self._rpc_connection, domain_handle, rid=group['RelativeId'])
+                    sid = 'S-1-5-{}'.format('-'.join(str(x) for x in resp['Sid']['SubAuthority']))
+
+                    resp = samr.hSamrOpenAlias(self._rpc_connection, domain_handle, aliasId=group['RelativeId'])
+                    alias_handle = resp['AliasHandle']
+                    resp = samr.hSamrQueryInformationAlias(self._rpc_connection, alias_handle)
+
+                    final_group = rpcobj.Group(resp['Buffer']['General'])
+                    final_group.add_attributes({'server': self._target_computer, 'sid': sid})
+
+                    results.append(final_group)
+
+                    samr.hSamrCloseHandle(self._rpc_connection, alias_handle)
+
+                samr.hSamrCloseHandle(self._rpc_connection, domain_handle)
+        # If we query a group
+        else:
+            queried_group_rid = None
+            queried_group_domain_handle = None
+
+            # If the user is looking for a particular group
+            if queried_groupname:
+                # We look for it in every domain
+                for _, domain_handle in domain_handles.items():
+                    try:
+                        resp = samr.hSamrLookupNamesInDomain(self._rpc_connection, domain_handle, [queried_groupname])
+                        queried_group_rid = resp['RelativeIds']['Element'][0]['Data']
+                        queried_group_domain_handle = domain_handle
+                        break
+                    except (DCERPCSessionError, KeyError, IndexError):
+                        continue
+                else:
+                    raise ValueError('The group \'{}\' was not found on the target server'.format(queried_groupname))
+            # Otherwise, we look for the local Administrators group
+            else:
+                queried_group_rid = 544
+                resp = samr.hSamrLookupDomainInSamServer(self._rpc_connection, server_handle, 'BUILTIN')
+                resp = samr.hSamrOpenDomain(self._rpc_connection, serverHandle=server_handle, domainId=resp['DomainId'])
+                queried_group_domain_handle = resp['DomainHandle']
+
+            # We get a handle on the group, and list its members
+            try:
+                group = samr.hSamrOpenAlias(self._rpc_connection, queried_group_domain_handle, aliasId=queried_group_rid)
+                resp = samr.hSamrGetMembersInAlias(self._rpc_connection, group['AliasHandle'])
+            except DCERPCSessionError:
+                raise ValueError('The name \'{}\' is not a valid group on the target server'.format(queried_groupname))
+
+            # For every user, we look for information in every local domain
+            for member in resp['Members']['Sids']:
+                attributes = dict()
+                member_rid = member['SidPointer']['SubAuthority'][-1]
+                member_sid = 'S-1-5-{}'.format('-'.join(str(x) for x in member['SidPointer']['SubAuthority']))
+
+                attributes['server'] = self._target_computer
+                attributes['sid'] = member_sid
+
+                for domain_sid, domain_handle in domain_handles.items():
+                    # We've found a local member
+                    if member_sid.startswith(domain_sid):
+                        attributes['isdomain'] = False
+                        resp = samr.hSamrQueryInformationDomain(self._rpc_connection, domain_handle)
+                        member_domain = resp['Buffer']['General2']['I1']['DomainName']
+                        try:
+                            resp = samr.hSamrOpenUser(self._rpc_connection, domain_handle, userId=member_rid)
+                            member_handle = resp['UserHandle']
+                            attributes['isgroup'] = False
+                            resp = samr.hSamrQueryInformationUser(self._rpc_connection, member_handle)
+                            attributes['name'] = '{}/{}'.format(member_domain, resp['Buffer']['General']['UserName'])
+                        except DCERPCSessionError:
+                            resp = samr.hSamrOpenAlias(self._rpc_connection, domain_handle, aliasId=member_rid)
+                            member_handle = resp['AliasHandle']
+                            attributes['isgroup'] = True
+                            resp = samr.hSamrQueryInformationAlias(self._rpc_connection, member_handle)
+                            attributes['name'] = '{}/{}'.format(member_domain, resp['Buffer']['General']['Name'])
+                        attributes['lastlogin'] = str()
+                        break
+                # It's a domain member
+                else:
+                    attributes['isdomain'] = True
+                    if self._ldap_connection is not None:
+                        try:
+                            ad_object = self.get_adobject(queried_sid=member_sid)[0]
+                            member_dn = ad_object.distinguishedname
+                            member_domain = member_dn[member_dn.index('DC='):].replace('DC=', '').replace(',', '.')
+                            try:
+                                attributes['name'] = '{}/{}'.format(member_domain, ad_object.samaccountname)
+                            except AttributeError:
+                                # Here, the member is a foreign security principal
+                                # TODO: resolve it properly
+                                attributes['name'] = '{}/{}'.format(member_domain, ad_object.objectsid)
+                            attributes['isgroup'] = ad_object.isgroup
+                            try:
+                                attributes['lastlogin'] = ad_object.lastlogon
+                            except AttributeError:
+                                attributes['lastlogin'] = str()
+                        except IndexError:
+                            # We did not manage to resolve this SID against the DC
+                            attributes['isdomain'] = False
+                            attributes['isgroup'] = False
+                            attributes['name'] = attributes['sid']
+                            attributes['lastlogin'] = str()
+                    else:
+                        attributes['isgroup'] = False
+                        attributes['name'] = str()
+                        attributes['lastlogin'] = str()
+
+                results.append(rpcobj.RPCObject(attributes))
+
+                # If we recurse and the member is a domain group, we query every member
+                # TODO: implement check on self._domain_controller here?
+                if self._ldap_connection and self._domain_controller and recurse and attributes['isdomain'] and attributes['isgroup']:
+                    for domain_member in self.get_netgroupmember(full_data=True, recurse=True, queried_sid=attributes['sid']):
+                        domain_member_attributes = dict()
+                        domain_member_attributes['isdomain'] = True
+                        member_dn = domain_member.distinguishedname
+                        member_domain = member_dn[member_dn.index('DC='):].replace('DC=', '').replace(',', '.')
+                        domain_member_attributes['name'] = '{}/{}'.format(member_domain, domain_member.samaccountname)
+                        domain_member_attributes['isgroup'] = domain_member.isgroup
+                        domain_member_attributes['isdomain'] = True
+                        domain_member_attributes['server'] = attributes['name']
+                        domain_member_attributes['sid'] = domain_member.objectsid
+                        try:
+                            domain_member_attributes['lastlogin'] = ad_object.lastlogon
+                        except AttributeError:
+                            domain_member_attributes['lastlogin'] = str()
+                        results.append(rpcobj.RPCObject(domain_member_attributes))
+
+        return results
+
+    @LDAPRPCRequester._wmi_connection_init()
+    def get_netprocess(self):
+        wmi_enum_process = self._wmi_connection.ExecQuery('SELECT * from Win32_Process',
+                                                          lFlags=WBEM_FLAG_FORWARD_ONLY)
+        while True:
+            try:
+                # TODO: do we have to get them one by one?
+                wmi_process = wmi_enum_process.Next(0xffffffff, 1)[0]
+                wmi_process_owner = wmi_process.GetOwner()
+                attributes = {'computername': self._target_computer,
+                              'processname': wmi_process.Name,
+                              'processid': wmi_process.ProcessId,
+                              'user': wmi_process_owner.User,
+                              'domain': wmi_process_owner.Domain}
+
+                result_process = rpcobj.Process(attributes)
+                yield result_process
+            except Exception as e:
+                if str(e).find('S_FALSE') < 0:
+                    raise e
+                else:
+                    break
+
+    @LDAPRPCRequester._wmi_connection_init()
+    def get_userevent(self, event_type=['logon', 'tgt'], date_start=5):
+        limit_date = (datetime.datetime.today() - datetime.timedelta(days=date_start)).strftime('%Y%m%d%H%M%S.%f-000')
+        if event_type == ['logon']:
+            where_clause = 'EventCode=4624'
+        elif event_type == ['tgt']:
+            where_clause = 'EventCode=4768'
+        else:
+            where_clause = '(EventCode=4624 OR EventCode=4768)'
+
+        wmi_enum_event = self._wmi_connection.ExecQuery('SELECT * from Win32_NTLogEvent where {}'\
+                                                        'and TimeGenerated >= \'{}\''.format(where_clause, limit_date),
+                                                        lFlags=WBEM_FLAG_FORWARD_ONLY)
+        while True:
+            try:
+                # TODO: do we have to get them one by one?
+                wmi_event = wmi_enum_event.Next(0xffffffff, 1)[0]
+                wmi_event_type = wmi_event.EventIdentifier
+                wmi_event_info = wmi_event.InsertionStrings
+                time = datetime.datetime.strptime(wmi_event.TimeGenerated, '%Y%m%d%H%M%S.%f-000')
+                if wmi_event_type == 4624:
+                    logon_type = int(wmi_event_info[8])
+                    user = wmi_event_info[5]
+                    domain = wmi_event_info[6]
+                    address = wmi_event_info[18]
+                    if logon_type not in [2, 3] or user.endswith('$') \
+                       or (user.lower == 'anonymous logon'):
+                        continue
+                else:
+                    logon_type = str()
+                    user = wmi_event_info[0]
+                    domain = wmi_event_info[1]
+                    address = wmi_event_info[9].replace('::ffff:', '')
+
+                attributes = {'computername': self._target_computer,
+                              'logontype': logon_type,
+                              'username': user,
+                              'domain': domain,
+                              'address': address,
+                              'time': time,
+                              'id': wmi_event_type}
+                result_event = rpcobj.Event(attributes)
+                yield result_event
+            except Exception as e:
+                if str(e).find('S_FALSE') < 0:
+                    raise e
+                else:
+                    break
+
diff --git a/pywerview/objects/__init__.py b/pywerview/objects/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/pywerview/objects/adobjects.py b/pywerview/objects/adobjects.py
new file mode 100644
index 0000000..908fee8
--- /dev/null
+++ b/pywerview/objects/adobjects.py
@@ -0,0 +1,265 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from datetime import datetime, timedelta
+import inspect
+import struct
+import pyasn1
+import codecs
+
+class ADObject:
+    __uac_flags = {0x0000001: 'SCRIPT',
+                   0x0000002: 'ACCOUNTDISABLE',
+                   0x0000008: 'HOMEDIR_REQUIRED',
+                   0x0000010: 'LOCKOUT',
+                   0x0000020: 'PASSWD_NOTREQD',
+                   0x0000040: 'PASSWD_CANT_CHANGE',
+                   0x0000080: 'ENCRYPTED_TEXT_PWD_ALLOWED',
+                   0x0000100: 'TEMP_DUPLICATE_ACCOUNT',
+                   0x0000200: 'NORMAL_ACCOUNT',
+                   0x0000800: 'INTERDOMAIN_TRUST_ACCOUNT',
+                   0x0001000: 'WORKSTATION_TRUST_ACCOUNT',
+                   0x0002000: 'SERVER_TRUST_ACCOUNT',
+                   0x0010000: 'DONT_EXPIRE_PASSWORD',
+                   0x0020000: 'MNS_LOGON_ACCOUNT',
+                   0x0040000: 'SMARTCARD_REQUIRED',
+                   0x0080000: 'TRUSTED_FOR_DELEGATION',
+                   0x0100000: 'NOT_DELEGATED',
+                   0x0200000: 'USE_DES_KEY_ONLY',
+                   0x0400000: 'DONT_REQ_PREAUTH',
+                   0x0800000: 'PASSWORD_EXPIRED',
+                   0x1000000: 'TRUSTED_TO_AUTH_FOR_DELEGATION',
+                   0x4000000: 'PARTIAL_SECRETS_ACCOUNT'}
+
+    def __init__(self, attributes):
+        self.add_attributes(attributes)
+
+    def add_attributes(self, attributes):
+        for attr in attributes:
+            #print(attr)
+            #print(attributes[attr], attr)
+            t = str(attr).lower()
+            if t in ('logonhours', 'msds-generationid'):
+                value = bytes(attributes[attr][0])
+                value = [x for x in value]
+            elif t in ('trustattributes', 'trustdirection', 'trusttype'):
+                value = int(attributes[attr][0])
+            elif t in ('objectsid', 'ms-ds-creatorsid'):
+                value = codecs.encode(bytes(attributes[attr][0]),'hex')
+                init_value = bytes(attributes[attr][0])
+                value = 'S-{0}-{1}'.format(init_value[0], init_value[1])
+                for i in range(8, len(init_value), 4):
+                    value += '-{}'.format(str(struct.unpack('<I', init_value[i:i+4])[0]))
+            elif t == 'objectguid':
+                init_value = bytes(attributes[attr][0])
+                value = str()
+                value += '{}-'.format(hex(struct.unpack('<I', init_value[0:4])[0])[2:].zfill(8))
+                value += '{}-'.format(hex(struct.unpack('<H', init_value[4:6])[0])[2:].zfill(4))
+                value += '{}-'.format(hex(struct.unpack('<H', init_value[6:8])[0])[2:].zfill(4))
+                value += '{}-'.format((codecs.encode(init_value,'hex')[16:20]).decode('utf-8'))
+                value += init_value.hex()[20:]
+            elif t in ('dscorepropagationdata', 'whenchanged', 'whencreated'):
+                value = list()
+                for val in attributes[attr]:
+                    value.append(str(datetime.strptime(str(val.decode('utf-8')), '%Y%m%d%H%M%S.0Z')))
+            elif t in ('accountexpires', 'pwdlastset', 'badpasswordtime', 'lastlogontimestamp', 'lastlogon', 'lastlogoff'):
+                try:
+                    filetimestamp = int(attributes[attr][0].decode('utf-8'))
+                    if filetimestamp != 9223372036854775807:
+                        timestamp = (filetimestamp - 116444736000000000)/10000000
+                        value = datetime.fromtimestamp(0) + timedelta(seconds=timestamp)
+                    else:
+                        value = 'never'
+                except IndexError:
+                    value = 'empty'
+            elif t == 'isgroup':
+                value = attributes[attr]
+            elif t == 'objectclass':
+                value = [x.decode('utf-8') for x in attributes[attr]]
+                setattr(self, 'isgroup', ('group' in value))
+            elif len(attributes[attr]) > 1:
+                try:
+                    value = [x.decode('utf-8') for x in attributes[attr]]
+                except (UnicodeDecodeError):
+                    value = [x for x in attributes[attr]]
+                except (AttributeError):
+                    value = attributes[attr]
+            else:
+                try:
+                    value = attributes[attr][0].decode('utf-8')
+                except (IndexError):
+                    value = str()
+                except (UnicodeDecodeError):
+                    value = attributes[attr][0]
+
+            setattr(self, t, value)
+
+    def __str__(self):
+        s = str()
+        members = inspect.getmembers(self, lambda x: not(inspect.isroutine(x)))
+        max_length = 0
+        for member in members:
+            if not member[0].startswith('_'):
+                if len(member[0]) > max_length:
+                    max_length = len(member[0])
+        for member in members:
+            if not member[0].startswith('_'):
+                if member[0] == 'msmqdigests':
+                    member_value = (',\n' + ' ' * (max_length + 2)).join(x.hex() for x in member[1])
+                elif member[0] == 'useraccountcontrol':
+                    member_value = list()
+                    for uac_flag, uac_label in ADObject.__uac_flags.items():
+                        if int(member[1]) & uac_flag == uac_flag:
+                            member_value.append(uac_label)
+                elif isinstance(member[1], list):
+                    if member[0] in ('logonhours',):
+                        member_value = member[1]
+                    elif member[0] in ('usercertificate',
+                                       'protocom-sso-entries', 'protocom-sso-security-prefs',):
+                        member_value = (',\n' + ' ' * (max_length + 2)).join(
+                                '{}...'.format(x.hex()[:100]) for x in member[1])
+                    else:
+                        member_value = (',\n' + ' ' * (max_length + 2)).join(str(x) for x in member[1])
+                elif member[0] in('msmqsigncertificates', 'userparameters',
+                                  'jpegphoto', 'thumbnailphoto', 'usercertificate',
+                                  'msexchmailboxguid', 'msexchmailboxsecuritydescriptor',
+                                  'msrtcsip-userroutinggroupid', 'msexchumpinchecksum',
+                                  'protocom-sso-auth-data', 'protocom-sso-entries-checksum',
+                                  'protocom-sso-security-prefs-checksum', ):
+                    # Attribut exists but it is empty
+                    try:
+                        member_value = '{}...'.format(member[1].hex()[:100])
+                    except AttributeError:
+                        member_value = ''
+                else:
+                    member_value = member[1]
+                s += '{}: {}{}\n'.format(member[0], ' ' * (max_length - len(member[0])), member_value)
+
+        s = s[:-1]
+        return s
+
+    def __repr__(self):
+        return str(self)
+
+class User(ADObject):
+    def __init__(self, attributes):
+        ADObject.__init__(self, attributes)
+        for attr in filter(lambda _: _ in attributes, ('homedirectory',
+                                                       'scriptpath',
+                                                       'profilepath')):
+            if not hasattr(self, attr):
+                setattr(self, attr, str())
+
+class Group(ADObject):
+    def __init__(self, attributes):
+        ADObject.__init__(self, attributes)
+        try:
+            if not isinstance(self.member, list):
+                self.member = [self.member]
+        except AttributeError:
+            pass
+
+class Computer(ADObject):
+    pass
+
+class FileServer(ADObject):
+    pass
+
+class DFS(ADObject):
+    pass
+
+class OU(ADObject):
+    def __init__(self, attributes):
+        ADObject.__init__(self, attributes)
+        self.distinguishedname = 'LDAP://{}'.format(self.distinguishedname)
+
+class Site(ADObject):
+    pass
+
+class Subnet(ADObject):
+    pass
+
+class Trust(ADObject):
+    __trust_attrib = {0x1: 'non_transitive', 0x2: 'uplevel_only',
+                      0x4: 'filter_sids', 0x8: 'forest_transitive',
+                      0x10: 'cross_organization', 0x20: 'within_forest',
+                      0x40: 'treat_as_external',
+                      0x80: 'trust_uses_rc4_encryption',
+                      0x100: 'trust_uses_aes_keys',
+                      0X200: 'cross_organization_no_tgt_delegation',
+                      0x400: 'pim_trust'}
+
+    __trust_direction = {0: 'disabled', 1: 'inbound',
+                         2: 'outbound', 3: 'bidirectional'}
+
+    __trust_type = {1: 'windows_non_active_directory',
+                    2: 'windows_active_directory', 3: 'mit'}
+
+    def __init__(self, attributes):
+        ad_obj = ADObject(attributes)
+        self.targetname = ad_obj.name
+
+        self.trustdirection = Trust.__trust_direction.get(ad_obj.trustdirection, 'unknown')
+        self.trusttype = Trust.__trust_type.get(ad_obj.trusttype, 'unknown')
+        self.whencreated = ad_obj.whencreated
+        self.whenchanged = ad_obj.whenchanged
+
+        self.trustattributes = list()
+        for attrib_flag, attrib_label in Trust.__trust_attrib.items():
+            if ad_obj.trustattributes & attrib_flag:
+                self.trustattributes.append(attrib_label)
+
+        # If the filter SIDs attribute is not manually set, we check if we're
+        # not in a use case where SIDs are implicitly filtered
+        # Based on https://github.com/vletoux/pingcastle/blob/master/Healthcheck/TrustAnalyzer.cs
+        if 'filter_sids' not in self.trustattributes:
+            if not (self.trustdirection == 'disabled' or \
+                    self.trustdirection == 'inbound' or \
+                    'within_forest' in self.trustattributes or \
+                    'pim_trust' in self.trustattributes):
+                if 'forest_transitive' in self.trustattributes and 'treat_as_external' not in self.trustattributes:
+                    self.trustattributes.append('filter_sids')
+
+class GPO(ADObject):
+    pass
+
+class GptTmpl(ADObject):
+    def __str__(self):
+        s = str()
+        members = inspect.getmembers(self, lambda x: not(inspect.isroutine(x)))
+        for member in members:
+            if not member[0].startswith('_'):
+                s += '{}:\n'.format(member[0])
+                member_value_str = str(member[1])
+                for line in member_value_str.split('\n'):
+                    s += '\t{}\n'.format(line)
+
+        s = s[:-1]
+        return s
+
+class GPOGroup(ADObject):
+    pass
+
+class Policy(ADObject):
+    pass
+
+class GPOComputerAdmin(ADObject):
+    pass
+
+class GPOLocation(ADObject):
+    pass
+
diff --git a/pywerview/objects/rpcobjects.py b/pywerview/objects/rpcobjects.py
new file mode 100644
index 0000000..67bbb43
--- /dev/null
+++ b/pywerview/objects/rpcobjects.py
@@ -0,0 +1,86 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from __future__ import unicode_literals
+
+import inspect
+
+class RPCObject:
+    def __init__(self, obj):
+        attributes = dict()
+        try:
+            for key in obj.fields.keys():
+                attributes[key] = obj[key]
+        except AttributeError:
+            attributes = obj
+        self.add_attributes(attributes)
+
+    def add_attributes(self, attributes):
+        for key, value in attributes.items():
+            key = key.lower()
+            if key in ('wkui1_logon_domain', 'wkui1_logon_server',
+                       'wkui1_oth_domains', 'wkui1_username',
+                       'sesi10_cname', 'sesi10_username'):
+                value = value.rstrip('\x00')
+            
+            setattr(self, key.lower(), value)
+
+    def __str__(self):
+        s = str()
+        members = inspect.getmembers(self, lambda x: not(inspect.isroutine(x)))
+        max_length = 0
+        for member in members:
+            if not member[0].startswith('_'):
+                if len(member[0]) > max_length:
+                    max_length = len(member[0])
+        for member in members:
+            if not member[0].startswith('_'):
+                s += '{}: {}{}\n'.format(member[0], ' ' * (max_length - len(member[0])), member[1])
+
+        s = s[:-1]
+        return s
+
+    def __repr__(self):
+        return str(self)
+
+class TargetUser(RPCObject):
+    pass
+
+class Session(RPCObject):
+    pass
+
+class Share(RPCObject):
+    pass
+
+class WkstaUser(RPCObject):
+    pass
+
+class Group(RPCObject):
+    pass
+
+class Disk(RPCObject):
+    pass
+
+class Process(RPCObject):
+    def __init__(self, obj):
+        RPCObject.__init__(self, obj)
+        self.user = str(self.user)
+        self.domain = str(self.domain)
+
+class Event(RPCObject):
+    pass
+
diff --git a/pywerview/requester.py b/pywerview/requester.py
new file mode 100644
index 0000000..715f299
--- /dev/null
+++ b/pywerview/requester.py
@@ -0,0 +1,310 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+import socket
+import ntpath
+import ldap3
+
+from impacket.smbconnection import SMBConnection
+from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+from impacket.dcerpc.v5 import transport, wkst, srvs, samr, scmr, drsuapi, epm
+from impacket.dcerpc.v5.dcom import wmi
+from impacket.dcerpc.v5.dtypes import NULL
+from impacket.dcerpc.v5.dcomrt import DCOMConnection
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+class LDAPRequester():
+    def __init__(self, domain_controller, domain=str(), user=(), password=str(),
+                 lmhash=str(), nthash=str()):
+        self._domain_controller = domain_controller
+        self._domain = domain
+        self._user = user
+        self._password = password
+        self._lmhash = lmhash
+        self._nthash = nthash
+        self._queried_domain = None
+        self._ads_path = None
+        self._ads_prefix = None
+        self._ldap_connection = None
+        self._base_dn = None
+
+    def _get_netfqdn(self):
+        try:
+            smb = SMBConnection(self._domain_controller, self._domain_controller)
+        except socket.error:
+            return str()
+
+        smb.login(self._user, self._password, domain=self._domain,
+                lmhash=self._lmhash, nthash=self._nthash)
+        fqdn = smb.getServerDNSDomainName()
+        smb.logoff()
+
+        return fqdn
+
+    def _create_ldap_connection(self, queried_domain=str(), ads_path=str(),
+                                ads_prefix=str()):
+        if not self._domain:
+            self._domain = self._get_netfqdn()
+
+        if not queried_domain:
+            queried_domain = self._get_netfqdn()
+        self._queried_domain = queried_domain
+
+        base_dn = str()
+
+        if ads_prefix:
+            self._ads_prefix = ads_prefix
+            base_dn = '{},'.format(self._ads_prefix)
+
+        if ads_path:
+            # TODO: manage ADS path starting with 'GC://'
+            if ads_path.upper().startswith('LDAP://'):
+                ads_path = ads_path[7:]
+            self._ads_path = ads_path
+            base_dn += self._ads_path
+        else:
+            base_dn += ','.join('dc={}'.format(x) for x in self._queried_domain.split('.'))
+
+        # base_dn is no longer used within `_create_ldap_connection()`, but I don't want to break
+        # the function call. So we store it in an attriute and use it in `_ldap_search()`
+        self._base_dn = base_dn
+        
+        # Format the username and the domain
+        # ldap3 seems not compatible with USER@DOMAIN format
+        user = '{}\\{}'.format(self._domain, self._user)
+        
+        # Choose between password or pth  
+        # TODO: Test the SSL fallbck, is cert verification disabled ?  
+        if self._lmhash and self._nthash:
+            lm_nt_hash  = '{}:{}'.format(self._lmhash, self._nthash)
+            
+            ldap_server = ldap3.Server('ldap://{}'.format(self._domain_controller))
+            
+            try:
+                ldap_connection = ldap3.Connection(ldap_server, user, lm_nt_hash, 
+                                                   authentication = ldap3.NTLM)
+            except ldap3.core.exceptions.LDAPStrongerAuthRequiredResult as e:
+                # We need to try SSL (pth version)
+                if str(e).find('strongerAuthRequired') >= 0:
+                    ldap_server = ldap3.Server('ldaps://{}'.format(self._domain_controller))
+                    ldap_connection = ldap3.Connection(ldap_server, user, lm_nt_hash, 
+                                                       authentication = ldap3.NTLM)
+                
+        else:
+            ldap_server = ldap3.Server('ldap://{}'.format(self._domain_controller))
+            try:
+                ldap_connection = ldap3.Connection(ldap_server, user, self._password,
+                                                   authentication = ldap3.NTLM)
+            except ldap3.core.exceptions.LDAPStrongerAuthRequiredResult as e:
+                # We nedd to try SSL (password version)
+                if str(e).find('strongerAuthRequired') >= 0:
+                    ldap_server = ldap3.Server('ldaps://{}'.format(self._domain_controller))
+                    ldap_connection = ldap3.Connection(ldap_server, user, self._password,
+                                                       authentication = ldap3.NTLM)        
+
+        # TODO: exit on error ?
+        if not ldap_connection.bind():
+            print('error in bind', ldap_connection.result())
+            return
+
+        self._ldap_connection = ldap_connection
+
+    def _ldap_search(self, search_filter, class_result, attributes=list()):
+        results = list()
+       
+        # if no attribute name specified, we return all attributes 
+        if not attributes:
+            attributes =  ldap3.ALL_ATTRIBUTES 
+
+        try: 
+            # Microsoft Active Directory set an hard limit of 1000 entries returned by any search
+            search_results=self._ldap_connection.extend.standard.paged_search(search_base=self._base_dn,
+                    search_filter=search_filter, attributes=attributes,
+                    paged_size=1000, generator=True)
+        # TODO: for debug only
+        except Exception as e:
+            import sys
+            print('Except: ', sys.exc_info()[0])
+
+        # Skip searchResRef
+        for result in search_results:
+            if result['type'] is not 'searchResEntry':
+                continue
+            results.append(class_result(result['raw_attributes']))
+
+        return results
+
+    @staticmethod
+    def _ldap_connection_init(f):
+        def wrapper(*args, **kwargs):
+            instance = args[0]
+            queried_domain = kwargs.get('queried_domain', None)
+            ads_path = kwargs.get('ads_path', None)
+            ads_prefix = kwargs.get('ads_prefix', None)
+            if (not instance._ldap_connection) or \
+               (queried_domain != instance._queried_domain) or \
+               (ads_path != instance._ads_path) or \
+               (ads_prefix != instance._ads_prefix):
+                if instance._ldap_connection:
+                    instance._ldap_connection.unbind()
+                instance._create_ldap_connection(queried_domain=queried_domain,
+                                                 ads_path=ads_path, ads_prefix=ads_prefix)
+            return f(*args, **kwargs)
+        return wrapper
+
+    def __enter__(self):
+        self._create_ldap_connection()
+        return self
+
+    def __exit__(self, type, value, traceback):
+        try:
+            self._ldap_connection.unbind()
+        except AttributeError:
+            pass
+        self._ldap_connection = None
+
+class RPCRequester():
+    def __init__(self, target_computer, domain=str(), user=(), password=str(),
+                 lmhash=str(), nthash=str()):
+        self._target_computer = target_computer
+        self._domain = domain
+        self._user = user
+        self._password = password
+        self._lmhash = lmhash
+        self._nthash = nthash
+        self._pipe = None
+        self._rpc_connection = None
+        self._dcom = None
+        self._wmi_connection = None
+
+    def _create_rpc_connection(self, pipe):
+        # Here we build the DCE/RPC connection
+        self._pipe = pipe
+
+        binding_strings = dict()
+        binding_strings['srvsvc'] = srvs.MSRPC_UUID_SRVS
+        binding_strings['wkssvc'] = wkst.MSRPC_UUID_WKST
+        binding_strings['samr'] = samr.MSRPC_UUID_SAMR
+        binding_strings['svcctl'] = scmr.MSRPC_UUID_SCMR
+        binding_strings['drsuapi'] = drsuapi.MSRPC_UUID_DRSUAPI
+
+        # TODO: try to fallback to TCP/139 if tcp/445 is closed
+        if self._pipe == r'\drsuapi':
+            string_binding = epm.hept_map(self._target_computer, drsuapi.MSRPC_UUID_DRSUAPI,
+                                          protocol='ncacn_ip_tcp')
+            rpctransport = transport.DCERPCTransportFactory(string_binding)
+            rpctransport.set_credentials(username=self._user, password=self._password,
+                                         domain=self._domain, lmhash=self._lmhash,
+                                         nthash=self._nthash)
+        else:
+            rpctransport = transport.SMBTransport(self._target_computer, 445, self._pipe,
+                                                  username=self._user, password=self._password,
+                                                  domain=self._domain, lmhash=self._lmhash,
+                                                  nthash=self._nthash)
+
+        rpctransport.set_connect_timeout(10)
+        dce = rpctransport.get_dce_rpc()
+
+        if self._pipe == r'\drsuapi':
+            dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
+
+        try:
+            dce.connect()
+        except socket.error:
+            self._rpc_connection = None
+        else:
+            dce.bind(binding_strings[self._pipe[1:]])
+            self._rpc_connection = dce
+
+    def _create_wmi_connection(self, namespace='root\\cimv2'):
+        try:
+            self._dcom = DCOMConnection(self._target_computer, self._user, self._password,
+                                        self._domain, self._lmhash, self._nthash)
+        except DCERPCException:
+            self._dcom = None
+        else:
+            i_interface = self._dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,
+                                                        wmi.IID_IWbemLevel1Login)
+            i_wbem_level1_login = wmi.IWbemLevel1Login(i_interface)
+            self._wmi_connection = i_wbem_level1_login.NTLMLogin(ntpath.join('\\\\{}\\'.format(self._target_computer), namespace),
+                                                                 NULL, NULL)
+
+    @staticmethod
+    def _rpc_connection_init(pipe=r'\srvsvc'):
+        def decorator(f):
+            def wrapper(*args, **kwargs):
+                instance = args[0]
+                if (not instance._rpc_connection) or (pipe != instance._pipe):
+                    if instance._rpc_connection:
+                        instance._rpc_connection.disconnect()
+                    instance._create_rpc_connection(pipe=pipe)
+                if instance._rpc_connection is None:
+                    return None
+                return f(*args, **kwargs)
+            return wrapper
+        return decorator
+
+    @staticmethod
+    def _wmi_connection_init():
+        def decorator(f):
+            def wrapper(*args, **kwargs):
+                instance = args[0]
+                if not instance._wmi_connection:
+                    instance._create_wmi_connection()
+                if instance._dcom is None:
+                    return None
+                return f(*args, **kwargs)
+            return wrapper
+        return decorator
+
+    def __enter__(self):
+        # Picked because it's the most used by the net* functions
+        self._create_rpc_connection(r'\srvsvc')
+        return self
+
+    def __exit__(self, type, value, traceback):
+        try:
+            self._rpc_connection.disconnect()
+        except AttributeError:
+            pass
+        self._rpc_connection = None
+
+class LDAPRPCRequester(LDAPRequester, RPCRequester):
+    def __init__(self, target_computer, domain=str(), user=(), password=str(),
+                 lmhash=str(), nthash=str(), domain_controller=str()):
+        # If no domain controller was given, we assume that the user wants to
+        # target a domain controller to perform LDAP requests against
+        if not domain_controller:
+            domain_controller = target_computer
+        LDAPRequester.__init__(self, domain_controller, domain, user, password,
+                               lmhash, nthash)
+        RPCRequester.__init__(self, target_computer, domain, user, password,
+                               lmhash, nthash)
+    def __enter__(self):
+        try:
+            LDAPRequester.__enter__(self)
+        except (socket.error, IndexError):
+            pass
+        # This should work every time
+        RPCRequester.__enter__(self)
+
+        return self
+
+    def __exit__(self, type, value, traceback):
+        LDAPRequester.__exit__(self, type, value, traceback)
+        RPCRequester.__exit__(self, type, value, traceback)
+
diff --git a/pywerview/worker/__init__.py b/pywerview/worker/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/pywerview/worker/hunting.py b/pywerview/worker/hunting.py
new file mode 100644
index 0000000..e052204
--- /dev/null
+++ b/pywerview/worker/hunting.py
@@ -0,0 +1,159 @@
+# This file is part of PywerView.
+
+# PywerView is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# PywerView is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with PywerView.  If not, see <http://www.gnu.org/licenses/>.
+
+# Yannick Méheut [yannick (at) meheut (dot) org] - Copyright © 2021
+
+from multiprocessing import Process, Pipe
+
+from pywerview.functions.net import NetRequester
+from pywerview.functions.misc import Misc
+import pywerview.objects.rpcobjects as rpcobj
+
+class HunterWorker(Process):
+    def __init__(self, pipe, domain, user, password, lmhash, nthash):
+        Process.__init__(self)
+        self._pipe = pipe
+        self._domain = domain
+        self._user = user
+        self._password = password
+        self._lmhash = lmhash
+        self._nthash = nthash
+
+    def terminate(self):
+        self._pipe.close()
+        Process.terminate(self)
+
+    def run(self):
+        while True:
+            target_computer = self._pipe.recv()
+            result = self._hunt(target_computer)
+            self._pipe.send(result)
+
+class UserHunterWorker(HunterWorker):
+    def __init__(self, pipe, domain, user, password, lmhash, nthash, foreign_users,
+                 stealth, target_users, domain_short_name, check_access):
+        HunterWorker.__init__(self, pipe, domain, user, password, lmhash, nthash)
+        self._foreign_users = foreign_users
+        self._stealth = stealth
+        self._target_users = target_users
+        self._domain_short_name = domain_short_name
+        self._check_access = check_access
+
+    # TODO: test foreign user hunting
+    def _hunt(self, target_computer):
+        # TODO: implement ping of target
+        results = list()
+        # First, we get every distant session on the target computer
+        distant_sessions = list()
+        with NetRequester(target_computer, self._domain, self._user, self._password,
+                          self._lmhash, self._nthash) as net_requester:
+            if not self._foreign_users:
+                distant_sessions += net_requester.get_netsession()
+            if not self._stealth:
+                distant_sessions += net_requester.get_netloggedon()
+
+        # For every session, we get information on the remote user
+        for session in distant_sessions:
+            try:
+                username = session.sesi10_username
+                userdomain = str()
+                session_from = session.sesi10_cname
+                if session_from.startswith('\\'):
+                    session_from = session_from.lstrip('\\')
+            except AttributeError:
+                username = session.wkui1_username
+                userdomain = session.wkui1_logon_domain
+                session_from = str()
+
+            # If we found a user
+            if username:
+                # We see if it's in our target user group
+                for target_user in self._target_users:
+                    if target_user.membername.lower() in username.lower():
+
+                        # If we fall in this branch, we're looking for foreign users
+                        # and found a user in the same domain
+                        if self._domain_short_name and self._domain_short_name.lower() == userdomain.lower():
+                            continue
+
+                        attributes = dict()
+                        if userdomain:
+                            attributes['userdomain'] = userdomain
+                        else:
+                            attributes['userdomain'] = target_user.memberdomain
+                        attributes['username'] = username
+                        attributes['computername'] = target_computer
+                        attributes['sessionfrom'] = session_from
+
+                        if self._check_access:
+                            with Misc(target_computer, self._domain, self._user, self._password,
+                                              self._lmhash, self._nthash) as misc_requester:
+                                attributes['localadmin'] = misc_requester.invoke_checklocaladminaccess()
+                        else:
+                            attributes['localadmin'] = str()
+
+                        results.append(rpcobj.RPCObject(attributes))
+
+        return results
+
+class ProcessHunterWorker(HunterWorker):
+    def __init__(self, pipe, domain, user, password, lmhash, nthash, process_name,
+                 target_users):
+        HunterWorker.__init__(self, pipe, domain, user, password, lmhash, nthash)
+        self._process_name = process_name
+        self._target_users = target_users
+
+    def _hunt(self, target_computer):
+        results = list()
+
+        distant_processes = list()
+        with NetRequester(target_computer, self._domain, self._user, self._password,
+                          self._lmhash, self._nthash) as net_requester:
+            distant_processes = net_requester.get_netprocess()
+
+        for process in distant_processes:
+            if self._process_name:
+                for process_name in self._process_name:
+                    if process_name.lower() in process.processname.lower():
+                        results.append(process)
+            elif self._target_users:
+                for target_user in self._target_users:
+                    if target_user.membername.lower() in process.user.lower():
+                        results.append(process)
+
+        return results
+
+class EventHunterWorker(HunterWorker):
+    def __init__(self, pipe, domain, user, password, lmhash, nthash, search_days,
+                 target_users):
+        HunterWorker.__init__(self, pipe, domain, user, password, lmhash, nthash)
+        self._target_users = target_users
+        self._search_days = search_days
+
+    def _hunt(self, target_computer):
+        results = list()
+
+        distant_processes = list()
+        with NetRequester(target_computer, self._domain, self._user, self._password,
+                          self._lmhash, self._nthash) as net_requester:
+            distant_events = net_requester.get_userevent(date_start=self._search_days)
+
+        for event in distant_events:
+            if self._target_users:
+                for target_user in self._target_users:
+                    if target_user.membername.lower() in event.username.lower():
+                        results.append(event)
+
+        return results
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..fbf5fbe
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+impacket>=0.9.22
+bs4
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..b88034e
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,2 @@
+[metadata]
+description-file = README.md
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..641b78e
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+
+from setuptools import setup, find_packages
+
+try:
+    import pypandoc
+    long_description = pypandoc.convert('README.md', 'rst')
+except(IOError, ImportError):
+    long_description = open('README.md').read()
+
+setup(name='pywerview',
+    version='0.3.1',
+    description='A Python port of PowerSploit\'s PowerView',
+    long_description=long_description,
+    dependency_links = ['https://github.com/SecureAuthCorp/impacket/tarball/master#egg=impacket-0.9.22'],
+    classifiers=[
+        'Environment :: Console',
+        'License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)',
+        'Programming Language :: Python :: 3.6',
+        'Topic :: Security',
+    ],
+    keywords='python powersploit pentesting recon active directory windows',
+    url='https://github.com/the-useless-one/pywerview',
+    author='Yannick Méheut',
+    author_email='yannick@meheut.org',
+    license='GNU GPLv3',
+    packages=find_packages(include=[
+        "pywerview", "pywerview.*"
+    ]),
+    install_requires=[
+        'impacket>=0.9.22',
+        'pyasn1',
+        'pycrypto',
+        'pyopenssl',
+        'bs4',
+        'ldap3>=2.8.1'
+    ],
+    entry_points = {
+        'console_scripts': ['pywerview=pywerview.cli.main:main'],
+    },
+    zip_safe=False)
+