Description
NTLM-enabled web endpoints can be enumerated to gather authentication and server details during authorized assessments. This helps defenders understand exposed Windows-integrated authentication surfaces before attackers do.
Use only against systems you are allowed to test. Enumeration can reveal domain, host, or authentication details and may trigger security monitoring.