Ntlmscan
scan for NTLM directories
Install / Use
/learn @nyxgeek/NtlmscanREADME
ntlmscan
scan for NTLM directories
reliable targets are:
- OWA servers
- Skype for Business/Lync servers
- Autodiscover servers (autodiscover.domain.com and lyncdiscover.domain.com)
- ADFS servers
once identified, use nmap and the http-ntlm-info script to extract internal domain/server information
usage: ntlmscan.py [-h] [--url URL] [--host HOST] [--hostfile HOSTFILE]
[--outfile OUTFILE] [--dictionary DICTIONARY]
optional arguments:
-h, --help show this help message and exit
--url URL full url path to test
--host HOST a single host to search for ntlm dirs on
--hostfile HOSTFILE file containing ips or hostnames to test
--outfile OUTFILE file to write results to
--dictionary DICTIONARY list of paths to test, default: paths.dict
--nmap run nmap with http-ntlm-info after testing (requires nmap)
--debug show request headers
Examples:
python3 ntlmscan.py --url https://autodiscover.domain.com/autodiscover
python3 ntlmscan.py --host autodiscover.domain.com
python3 ntlmscan.py --hostfile hosts.txt --dictionary big.txt
Related Skills
node-connect
342.5kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
85.3kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
342.5kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
342.5kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
