About the developer

nyxgeek

ntlmscan

scan for NTLM directories

reliable targets are:

* OWA servers
* Skype for Business/Lync servers
* Autodiscover servers (autodiscover.domain.com and lyncdiscover.domain.com)
* ADFS servers

once identified, use nmap and the http-ntlm-info script to extract internal domain/server information
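What that step reads is the NTLM type 2 (challenge) message the server returns in its `WWW-Authenticate` header. The following is an added example, not part of ntlmscan or nmap: it parses a challenge built in `build_sample()` from constructed placeholder names, following the MS-NLMP layout, to show which internal names an exposed endpoint discloses before any credentials are sent.

```python
import base64
import struct

# MS-NLMP AV_PAIR ids whose values are names (UTF-16LE); the labels are this example's own.
AV_NAMES = {1: "netbios_computer", 2: "netbios_domain",
            3: "dns_computer", 4: "dns_domain", 5: "dns_tree"}


def parse_challenge(header_value):
    """Return the names disclosed by a 'WWW-Authenticate: NTLM <base64>' value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00" or msg[8:12] != b"\x02\x00\x00\x00":
        raise ValueError("not an NTLMSSP type 2 (challenge) message")
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)  # TargetInfoFields
    pos, end = info_off, info_off + info_len
    if end > len(msg):
        raise ValueError("target info runs past end of message")
    found = {}
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:  # MsvAvEOL terminates the list
            break
        if pos + av_len > end:
            raise ValueError("AV_PAIR runs past target info")
        if av_id in AV_NAMES:
            found[AV_NAMES[av_id]] = msg[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return found


def build_sample():
    """Constructed type 2 message with placeholder names (not captured traffic)."""
    pairs = [(2, "EXAMPLE"), (1, "MAIL01"), (4, "corp.example.test"),
             (3, "mail01.corp.example.test")]
    info = b"".join(struct.pack("<HH", i, 2 * len(v)) + v.encode("utf-16-le")
                    for i, v in pairs) + struct.pack("<HH", 0, 0)
    target = "EXAMPLE".encode("utf-16-le")
    # 56-byte fixed header; the payload (target name, then target info) starts at offset 56.
    head = (b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(target), len(target), 56, 0x00800001)
            + b"\x11" * 8 + b"\x00" * 8
            + struct.pack("<HHI", len(info), len(info), 56 + len(target)) + b"\x00" * 8)
    return "NTLM " + base64.b64encode(head + target + info).decode()


if __name__ == "__main__":
    print(parse_challenge(build_sample()))
```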

```
usage: ntlmscan.py [-h] [--url URL] [--host HOST] [--hostfile HOSTFILE]
                   [--outfile OUTFILE] [--dictionary DICTIONARY]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             full url path to test
  --host HOST           a single host to search for ntlm dirs on
  --hostfile HOSTFILE   file containing ips or hostnames to test
  --outfile OUTFILE     file to write results to
  --dictionary DICTIONARY
                        list of paths to test, default: paths.dict
  --nmap                run nmap with http-ntlm-info after testing (requires nmap)
  --debug               show request headers
```

Examples:

```
python3 ntlmscan.py --url https://autodiscover.domain.com/autodiscover

python3 ntlmscan.py --host autodiscover.domain.com

python3 ntlmscan.py --hostfile hosts.txt --dictionary big.txt
```
