NTLMRecon – Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

NTLMRecon is a free and open-source tool available on GitHub. This tool is used for the NTLM reconnaissance tool without the installation of dependencies. This tool is very useful for security researchers while reconnaissance about NTLM endpoints. The tool needs potential IP addresses and domains.  The tool can be used to run on a single URL, an IP address. We can put the entire CIDR range and also we can put it in a single file. While running NTLMRecon start finding NTLM enabled web endpoints after that it sends an unreal authentication request and start enumerating the following information –

• NTLMRecon
• FQDN
• AD Domain Name
• Server name
• DNS Domain Name

Installation

Step 1: Use the following command to install the tool from GitHub. Use the second command to move into the directory of the tool.

git clone https://github.com/sachinkamath/ntlmrecon/
cd ntlmrecon

Step 2: Now use the following command to install the dependencies of the tool.

python3 setup.py install

Step 3: Now use the following command to run the tool.

ntlmrecon -help

The tool is running successfully. Now we will see examples.

Usage

Example 1: Use the ntlmrecon tool to Recon on a single URL to find endpoints.

ntlmrecon --input https://mail.contoso.com --outfile ntlmrecon.csv

Example 2: Use the ntlmrecon tool to Recon on a CIDR range or IP address. 

ntlmrecon --input 192.168.1.1/24 --outfile ntlmrecon-ranges.csv