Enumeration tools

This is a selection of enumeration tools you may wish to install in your MIS Lab machine in order to do the course assignments. You should be very careful in using these tools outside of the Lab. Network administrators do not take lightly the probing of their networks and may respond aggressively to your attempts to gain information about them by using some of these tools. Please note that I am emphasizing Windows NT/2K tools, but we will see Linux/UNIX tools later.


  1. NBTscan

    Start by downloading NBTscan from this Web site. Create a directory to extract NBTscan, e.g. security\nbtscan and extract the files as shown in this example. This tools is used at the command prompt. The uses of NBTscan are shown here.

  2. DumpSec

    Download DumpSec from its web site. Create a directory to extract DumpSec, e.g. security\dumpsec and extract the files in this directory. DumpSec is a graphical tool which allows you to dump the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information. You click on the Report tab, Select Computer (enter IP number) and select what items you want in the report. You receive an output as in this example.

  3. Legion

    Download Legion from its archive location and install it (it has a Windows install/setup program). Legion let you scan IP ranges or lists for shares, as shown in class. Once you obtain the IP block of the target organization, you use Legion to look for shared resources: files, directories, printers, etc.
  4. Nat

    Download Nat from its ftp location. Create a directory to extract Nat, e.g. security\nat and extract the files in this directory. This tool is used at the command prompt, as shown in class. More detail on its use is available here.
  5. SMBScanner

    Download SMBScanner from this Web site. Create a directory to extract SMBScanner, e.g. security\SMBScanner and extract the files in this directory. SMBScanner allows you to check for Microsoft SMB (SAMBA) shares in a range of IP addresses. It is a graphical tool and has an on-line help.
  6. NBTDump

    Download NBTDump from its Web site. Create a directory to extract nbtdump, e.g. security\nbtdump and save the file in this directory (it is uncompressed). NBTdump lists NetBIOS information from Windows NT, Windows 2000 and *NIX Samba servers such as shares, user accounts with comments etc and the password policy as shown in this example.

  7. Enum

    Download Enum from its Web site. Create a directory to extract Enum, e.g. security\enum and extract the files in this directory. In the download rename the file from enum.tar.gz (a valid name in UNIX but not in Windows) to enumtar.gz and uncompress it. You are not done yet: you will have a file enumtar which you should rename to enum.tar and uncompress it a second time, when enum.exe and other files will be created. Enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts. This tool is used at the command prompt, and more detail on its use is shown here.

  8. Netcat

    Download Netcat from its Web site. Create a directory to extract Netcat, e.g. security\netcat and extract the files in this directory. In the simplest usage, "nc host port" creates a TCP connection to the given port on the given target host. Your standard input is then sent to the host, and anything that comes back across the connection is sent to your standard output. This tool is used at the command prompt, and more detail on its use is shown here.


This page is maintained by Al Bento who can be reached at abento@ubalt.edu. This page was last updated on February 8 , 2005. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.