# r4t query usage examples: browse, filter and export rows from the tables r4t exposes.
# Table and column names used below (users, credentials, adcs_vulnerabilities, sam, dn, ...)
# are the ones these examples assume; check them against the --list output first.
#
# List all tables and their columns
r4t query --list
# Query all credential records
# (no --columns given, so presumably every column is printed, secrets included;
#  keep that in mind when the terminal session is being logged or screen-shared)
r4t query --table credentials
# Show only specific columns (comma-separated, no spaces)
r4t query --table users --columns sam,dn,enabled,last_logon
# Filter with a WHERE clause
# The outer double quotes keep the single-quoted LIKE pattern intact through the shell;
# % is the SQL wildcard, so this matches any sam containing "admin".
# NOTE(review): the condition looks like it is handed to the SQL engine as written.
# If a wrapper script builds it from variables, validate those values first — confirm
# how r4t treats this argument.
r4t query --table users --query "sam LIKE '%admin%'"
# Filter for non-null passwords (keeps rows whose password column is set)
r4t query --table credentials --not-null password
# Combine filters: several --not-null columns plus a cap of 20 rows
# NOTE(review): not shown here whether a row needs both columns set or just one — confirm.
r4t query --table credentials --not-null password,hash --limit 20
# Export to JSON
# NOTE(review): no format flag is used in these examples, so the output format is
# presumably picked from the --out file extension (.json / .csv) — confirm.
r4t query --table adcs_vulnerabilities --out vulns.json
# Export credentials to CSV
# creds.csv will hold the password and hash columns selected here. Unless r4t sets
# file modes itself (not shown), the file gets the shell's current umask, so run this
# under a restrictive umask (e.g. 077), write it to access-controlled storage, and
# remove the file once it is no longer needed.
r4t query --table credentials --columns sam,domain,password,hash --out creds.csv
# Raw SQL query: a full SELECT statement instead of --table/--columns/--query
# (here: sam and dn of users where enabled = 1 and admin_count = 1)
r4t query --raw "SELECT sam, dn FROM users WHERE enabled = 1 AND admin_count = 1"
# Raw SQL with export; string literals use single quotes inside the double-quoted argument
r4t query --raw "SELECT * FROM adcs_vulnerabilities WHERE esc_type = 'ESC1'" --out esc1.csv
# No row limit: --limit 0 disables the cap
# NOTE(review): this implies a default row limit applies when --limit is omitted, so
# the exports above may be truncated — confirm the default before relying on them.
r4t query --table users --limit 0 --out all-users.csv