ntlmrecon's Issues

Add wildcard detection

The tool currently can't handle wildcards and will continue to enumerate old endpoints. An ideal solution would be to make a request to an endpoint which does not exist and check if auth is enabled.
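
One way to implement the check this issue proposes, as an added example that is not ntlmrecon's code: probe a random path first and treat a host that demands NTLM there as a wildcard, so its wordlist hits are not reported. The `probe` callable, the host names, the `fake_probe` responses and counting `Negotiate` alongside `NTLM` are all assumptions made for the example.

```python
import secrets
from typing import Callable, Dict, List, Tuple

# Hypothetical transport: probe(host, path) -> (status code, WWW-Authenticate value).
Probe = Callable[[str, str], Tuple[int, str]]


def offers_ntlm(status: int, www_authenticate: str) -> bool:
    """True for a 401 challenge naming NTLM or Negotiate (assumed scheme set)."""
    if status != 401:
        return False
    schemes = {c.strip().split(" ")[0].lower() for c in www_authenticate.split(",")}
    return bool(schemes & {"ntlm", "negotiate"})


def enumerate_hosts(hosts: List[str], paths: List[str], probe: Probe):
    """Return ({host: real NTLM paths}, [hosts that challenge on every path])."""
    confirmed: Dict[str, List[str]] = {}
    wildcard: List[str] = []
    for host in hosts:
        # Canary: a path that cannot exist. A challenge here means auth is
        # enforced site-wide and per-path results would be false positives.
        canary = f"/{secrets.token_hex(12)}/"
        if offers_ntlm(*probe(host, canary)):
            wildcard.append(host)
            continue
        hits = [p for p in paths if offers_ntlm(*probe(host, p))]
        if hits:
            confirmed[host] = hits
    return confirmed, wildcard


def fake_probe(host: str, path: str) -> Tuple[int, str]:
    """Constructed responses standing in for real HTTP requests."""
    if host == "wild.example.test":
        return 401, "Negotiate, NTLM"          # challenges on any path
    if host == "mail.example.test" and path in ("/EWS/", "/Exchange/"):
        return 401, "NTLM"
    return 404, ""


def demo():
    hosts = ["mail.example.test", "wild.example.test", "web.example.test"]
    return enumerate_hosts(hosts, ["/EWS/", "/Exchange/", "/rpc/"], fake_probe)
```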

iptools python library issue

In iptools.IpRangeList, I can initialize the IpRange in the following way by providing a CIDR:
internalIP = iptools.IpRangeList('127.0.0.1/8')

But when I need to append a single IP in the IpRangeList, I'm unable to.
Is there some way I can fix this, because the module that I'm designing works on a single IP?
As a result, it would be meaningless to send you a pull request without fixing this.

Hello

Hi,

I came across your work on GitHub and was impressed with your experience in blockchain projects. I'm reaching out about a potential collaboration opportunity for an NFT minting and staking project. If you're interested, I'd love to discuss further.

Best regards,
Aaron

Please contact me on:

Discord: terrasync
Skype: live:.cid.eb87d7833c0d9fa1
Email: [email protected]

Connection breaks

Connection breaks after enumeration of the endpoints. I guess this is related to the authentication attempt.

Find below the error log:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
httplib_response = self._make_request(conn, method, url,
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
six.raise_from(e, None)
File "<string>", line 2, in raise_from
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.8/http/client.py", line 1322, in getresponse
response.begin()
File "/usr/lib/python3.8/http/client.py", line 303, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.8/http/client.py", line 264, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
File "/usr/local/lib/python3.8/dist-packages/urllib3/contrib/pyopenssl.py", line 309, in recv_into
raise SocketError(str(e))
OSError: (104, 'ECONNRESET')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 666, in urlopen
return self.urlopen(method, url, body, headers, retries,
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 666, in urlopen
return self.urlopen(method, url, body, headers, retries,
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 666, in urlopen
return self.urlopen(method, url, body, headers, retries,
File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 640, in urlopen
retries = retries.increment(method, url, error=e, _pool=self,
File "/usr/local/lib/python3.8/dist-packages/urllib3/util/retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='xxx.xxx.xxx.xxx', port=443): Max retries exceeded with url: /Exchange/ (Caused by ProtocolError('Connection aborted.', OSError("(104, 'ECONNRESET')")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/ntlmrecon", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.8/dist-packages/ntlmrecon/__init__.py", line 114, in main
results = pool.map(gather_ntlm_info, all_combos)
File "/usr/lib/python3.8/multiprocessing/pool.py", line 364, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.8/multiprocessing/pool.py", line 768, in get
raise self._value
File "/usr/lib/python3.8/multiprocessing/pool.py", line 125, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.8/multiprocessing/pool.py", line 48, in mapstar
return list(map(*args))
File "/usr/local/lib/python3.8/dist-packages/ntlmrecon/ntlmutil.py", line 223, in gather_ntlm_info
auth_response = requests_retry_session().get(url, verify=False, headers=headers)
File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 543, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='IPAddress:xxx.xxx.xxx.xxx', port=443): Max retries exceeded with url: /Exchange/ (Caused by ProtocolError('Connection aborted.', OSError("(104, 'ECONNRESET')")))
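
The traceback above shows a single `ConnectionError` raised inside `gather_ntlm_info` surfacing through `pool.map` and ending the whole run. The following is an added example, not ntlmrecon's code, of catching the failure per task so that one reset host is recorded and the rest still complete. The stub worker, the URLs and the use of `ThreadPool` are constructed stand-ins, and `OSError` is caught because `requests.exceptions.ConnectionError` derives from it.

```python
from functools import partial
from multiprocessing.pool import ThreadPool


def gather_ntlm_info_stub(url):
    """Constructed stand-in for the worker named in the traceback."""
    if "reset" in url:
        # Same errno the log reports; a builtin is used so this runs offline.
        raise ConnectionResetError(104, "ECONNRESET")
    return {"url": url, "status": 401}


def guarded(worker, url):
    """Run one task and return (url, data, error) instead of raising."""
    try:
        return url, worker(url), None
    except OSError as exc:
        return url, None, f"{type(exc).__name__}: {exc}"


def scan(urls, worker, threads=4):
    """Map the guarded worker over all URLs; split successes from failures."""
    # Module-level function + partial stays picklable for a process Pool too.
    with ThreadPool(threads) as pool:
        rows = pool.map(partial(guarded, worker), urls)
    results = [data for _, data, err in rows if err is None]
    failures = {url: err for url, _, err in rows if err is not None}
    return results, failures


def scan_unguarded(urls, worker, threads=4):
    """Same shape as the failing call: the first exception aborts map()."""
    with ThreadPool(threads) as pool:
        return pool.map(worker, urls)


# Constructed sample targets (reserved .test names).
SAMPLE_URLS = [
    "https://a.example.test/EWS/",
    "https://reset.example.test/Exchange/",
    "https://b.example.test/rpc/",
]
```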

Add WAF detection

The tool currently can't detect the presence of a WAF and will end up blocking your IP. Running a tool such as wafw00f should help warn the user.

Can also work on a flag like --skip-waf to skip all hosts where a WAF is detected.

Add custom timeouts

The tool currently has the timestamp hardcoded. It would be good to add a flag to set a custom timeout, jitter, etc.
