Enumeration tools
This is a selection of enumeration tools you may wish to install on
your MIS Lab VM in order to do the course assignments. Some of these tools are NOT safe to install on your home PCs. You should
be very careful about using these tools outside of the VM and Lab. Network
administrators do not take the probing of their networks lightly and
may respond aggressively to your attempts to gain information about
them with some of these tools. Please note that I am emphasizing
Windows tools, but we will see Linux/UNIX tools later.
I suggest you create a directory C:\security and install your
tools there. Some are graphical, while others only run at the command
prompt with admin privileges.
DumpSec
Download DumpSec from its web site.
Extract it using Explorer, install it, and place a shortcut on
the desktop. Right-click on the shortcut and select run as admin.
DumpSec is a graphical tool
which allows you to dump the permissions (DACLs) and audit settings
(SACLs) for the file system, registry, printers and shares in a
concise, readable listbox format, so that holes in system security are
readily apparent. DumpSec also dumps user, group and replication
information. You click on the Report tab, Select Computer (enter IP
number) and select what items you want in the report. You receive an
output as in this example. Right-click
GetAcct
Download GetAcct from this site.
Extract it using Explorer and install it. GetAcct sidesteps
"RestrictAnonymous=1" and acquires account information on Windows. See this page for more information.
NBTscan
Start by downloading NBTscan from this Web site. Create a directory to extract NBTscan, e.g. security\nbtscan and extract the files as shown in this example. This tool is used at the command prompt. The uses of NBTscan are shown here.
Nat
Download Nat from its ftp location.
Create a directory to extract Nat, e.g. security\nat and extract the
files in this directory. This tool is used at the command prompt, as shown in class. More detail on its use is available here.
NBTDump
Download NBTDump from here. Create a directory to extract nbtdump, e.g. security\nbtdump and save the file in this directory (it is uncompressed). NBTdump
lists NetBIOS information from Windows and *NIX Samba servers such as
shares, user accounts with comments, etc., and the password policy, as
shown in this example.
ShareEnum
Download ShareEnum from Microsoft SysInternals here. ShareEnum uses NetBIOS enumeration to scan all the
computers within the domains accessible to it, showing file and print
shares and their security settings as shown in this example.
NBTEnum
Download NBTEnum from here.
Create a directory to extract Enum, e.g. security\NBTEnum and extract
the files in this directory. NBTEnum is a command prompt Win32
information enumeration utility. Using null sessions, NBTEnum can
retrieve userlists, machine lists, sharelists, namelists, group and
member lists, password and LSA policy information. This tool is used at
the command prompt and the output is an HTML file. Information on its
use is shown here.
Sid2user and user2sid
Download these tools from this site. User2sid and Sid2user are two small utilities for Windows that allow the administrator to query the SAM to find out
a SID value for a given account name and vice versa. User2sid.exe can
retrieve a SID from the SAM (Security Accounts Manager) from the local
or a remote machine and Sid2user.exe can then be used to retrieve the
names of all the user accounts and more. See their syntax here. For more details read this page.
Cain and Abel
Download Cain and Abel from its home page. You will need to download WinPcap 4.1.3 for Windows 10 and select DNS, DNS suffix for it to work. You may wish to watch this YouTube video on installation and basic usage. Please use their detailed User Manual to
learn how to do network enumeration and its many other functions, which are too numerous to list here. We will see
and use it again as a penetration tool, including
password cracking, etc., in a future class.
Netcat
Download Netcat from this location.
Create a directory to extract Netcat, e.g. security\netcat and extract
the files in this directory. The password is nc. In the simplest usage, "nc host port"
creates a TCP connection to the given port on the given target host.
Your standard input is then sent to the host, and anything that comes
back across the connection is sent to your standard output. This tool is used at the command prompt, and more detail on its use is shown here.
This page is maintained by Al Bento
who can be reached at abento@ubalt.edu.
This page was last updated on August 20, 2017. Although we will attempt
to keep this information accurate, we can not guarantee the accuracy of
the information provided.