Skip to content
Related Articles

Related Articles

NTLMRecon – Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

Improve Article
Save Article
Like Article
  • Last Updated : 28 Nov, 2021

NTLMRecon is a free and open-source tool available on GitHub. This tool is used for the NTLM reconnaissance tool without the installation of dependencies. This tool is very useful for security researchers while reconnaissance about NTLM endpoints. The tool needs potential IP addresses and domains.  The tool can be used to run on a single URL, an IP address. We can put the entire CIDR range and also we can put it in a single file. While running NTLMRecon start finding NTLM enabled web endpoints after that it sends an unreal authentication request and start enumerating the following information –

  • NTLMRecon
  • FQDN
  • AD Domain Name
  • Server name
  • DNS Domain Name


Step 1: Use the following command to install the tool from GitHub. Use the second command to move into the directory of the tool.

git clone
cd ntlmrecon

Step 2: Now use the following command to install the dependencies of the tool.

python3 install

Step 3: Now use the following command to run the tool.

ntlmrecon -help

The tool is running successfully. Now we will see examples.


Example 1: Use the ntlmrecon tool to Recon on a single URL to find endpoints.

ntlmrecon --input --outfile ntlmrecon.csv

Example 2: Use the ntlmrecon tool to Recon on a CIDR range or IP address. 

ntlmrecon --input --outfile ntlmrecon-ranges.csv

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!