Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nyxgeek/ntlmscan
scan for NTLM directories
https://github.com/nyxgeek/ntlmscan
hacking ntlm ntlm-authentication pentest scanner windows
Last synced: about 1 month ago
JSON representation
scan for NTLM directories
- Host: GitHub
- URL: https://github.com/nyxgeek/ntlmscan
- Owner: nyxgeek
- Created: 2019-10-23T06:02:56.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-05-24T05:11:27.000Z (over 1 year ago)
- Last Synced: 2024-04-12T23:54:58.400Z (5 months ago)
- Topics: hacking, ntlm, ntlm-authentication, pentest, scanner, windows
- Language: Python
- Size: 30.3 KB
- Stars: 340
- Watchers: 12
- Forks: 56
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - nyxgeek/ntlmscan - scan for NTLM directories (Python)
README
# ntlmscan
scan for NTLM directories
reliable targets are:
* OWA servers
* Skype for Business/Lync servers
* Autodiscover servers (autodiscover.domain.com and lyncdiscover.domain.com)
* ADFS servers
once identified, use nmap and the [http-ntlm-info](https://nmap.org/nsedoc/scripts/http-ntlm-info.html) script to extract internal domain/server information
```
usage: ntlmscan.py [-h] [--url URL] [--host HOST] [--hostfile HOSTFILE]
[--outfile OUTFILE] [--dictionary DICTIONARY]
optional arguments:
-h, --help show this help message and exit
--url URL full url path to test
--host HOST a single host to search for ntlm dirs on
--hostfile HOSTFILE file containing ips or hostnames to test
--outfile OUTFILE file to write results to
--dictionary DICTIONARY list of paths to test, default: paths.dict
--nmap run nmap with http-ntlm-info after testing (requires nmap)
--debug show request headers
```
Examples:
```
python3 ntlmscan.py --url https://autodiscover.domain.com/autodiscover
python3 ntlmscan.py --host autodiscover.domain.com
python3 ntlmscan.py --hostfile hosts.txt --dictionary big.txt
```
