
NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an entire CIDR range, or a combination of all of them in a single input file? No problem! NTLMRecon has got you covered. Read on.

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful for finding out information about NTLM endpoints when working with a large set of potential IP addresses and domains.

TODO

- Implement aiohttp based solution for sending requests
- Integrate a spraying library
- Add other authentication schemes found to the output
- Automatic detection of autodiscover domains if the domain

Overview of NTLMRecon

NTLMRecon looks for NTLM enabled web endpoints, sends a fake authentication request and enumerates the following information from the NTLMSSP response:

- AD Domain Name
- Server name
- DNS Domain Name
- FQDN
- Parent DNS Domain

Since NTLMRecon leverages a Python implementation of NTLMSSP, it eliminates the overhead of....
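The fields listed above are carried in the AV_PAIR list of the NTLMSSP CHALLENGE (type 2) message that a server returns in its `WWW-Authenticate: NTLM` header. As an added example (not NTLMRecon's own code), this parser decodes that list from a constructed challenge, which is useful for auditing what your own endpoints disclose before authentication. The mapping of AvIds to the page's labels and all sample names are assumptions.

```python
import base64
import struct

# AvId values from MS-NLMP; mapping them to the page's labels is an assumption.
AV_LABELS = {1: "Server name", 2: "AD Domain Name", 3: "FQDN",
             4: "DNS Domain Name", 5: "Parent DNS Domain"}

def parse_challenge(header_value):
    """Return the fields disclosed by a 'WWW-Authenticate: NTLM <b64>' value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("bad NTLMSSP signature or truncated message")
    if struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not a CHALLENGE_MESSAGE (type 2)")
    # TargetInfoFields sit at offset 40: length, max length, buffer offset.
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    if ti_off + ti_len > len(msg):
        raise ValueError("TargetInfo points past end of message")
    info, pos, end = {}, ti_off, ti_off + ti_len
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:  # MsvAvEOL terminates the list
            break
        if pos + av_len > end:
            raise ValueError("AV_PAIR overruns TargetInfo")
        if av_id in AV_LABELS:
            info[AV_LABELS[av_id]] = msg[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return info

def build_sample():
    """Constructed challenge for a made-up child domain of corp.example."""
    enc = lambda s: s.encode("utf-16-le")
    pairs = [(2, "EMEA"), (1, "WEB01"), (4, "emea.corp.example"),
             (3, "web01.emea.corp.example"), (5, "corp.example")]
    ti = b"".join(struct.pack("<HH", i, len(enc(v))) + enc(v)
                  for i, v in pairs) + struct.pack("<HH", 0, 0)
    name = enc("EMEA")
    msg = (b"NTLMSSP\x00" + struct.pack("<I", 2)
           + struct.pack("<HHI", len(name), len(name), 56)
           + struct.pack("<I", 0x02810205)      # flags, not inspected by the parser
           + b"\x11" * 8 + b"\x00" * 8          # server challenge, reserved
           + struct.pack("<HHI", len(ti), len(ti), 56 + len(name))
           + b"\x00" * 8 + name + ti)           # version, then payload
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    print(parse_challenge(build_sample()))
```
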