Cowboy
TRUSTED VENDOR
- Joined
- Apr 18, 2024
- Messages
- 285
A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains.
NTLMRecon is built with flexibilty in mind. Need to run recon on a single URL, an IP address, an entire CIDR range or combination of all of it all put in a single input file? No problem! NTLMRecon got you covered. Read on.
Internal wordlists are from the awesome nyxgeek/lyncsmash repo
Overview
NTLMRecon looks for NTLM enabled web endpoints, sends a fake authentication request and enumerates the following information from the NTLMSSP response:
Installation
Arch
If you're on Arch Linux or any Arch linux based distribution, you can grab the latest build from AUR
Generic Installation
NTLMRecon is built with flexibilty in mind. Need to run recon on a single URL, an IP address, an entire CIDR range or combination of all of it all put in a single input file? No problem! NTLMRecon got you covered. Read on.
Internal wordlists are from the awesome nyxgeek/lyncsmash repo
Overview
NTLMRecon looks for NTLM enabled web endpoints, sends a fake authentication request and enumerates the following information from the NTLMSSP response:
- AD Domain Name
- Server name
- DNS Domain Name
- FQDN
- Parent DNS Domain
Installation
Arch
If you're on Arch Linux or any Arch linux based distribution, you can grab the latest build from AUR
Generic Installation
- Clone the repository - git clone https://github.com/sachinkamath/ntlmrecon/
- RECOMMENDED - Install virtualenv pip install virtualenv
- Start a new virtual environment - virtualenv venv and activate it with source venv/bin/activate
- Run the setup file - python setup.py install
- Run ntlmrecon - ntlmrecon --help
