Security for everyone

NTLM Directories Scanner

Detect NTLM Directories using this tool.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




During an offensive security engagement it may not be a major vulnerability that leads to your end-goal, but a combination of lower severity findings compounded to make a larger impact. During a penetration test this can be used to identify internal naming conventions, determine end-of-life operating systems, and discover internal DNS names. To describe one potential use-case for this data, the domain suffix, found in the decoded response, is often required for password spraying attacks against Outlook web applications. Targeting OWA is a common technique used by hackers to identify valid domain credentials, and made possible through this exposure.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture