RelayInformer

A tool to check if Extended Protection for Authentication (EPA) is configured to protect the target service against NTLM relays.

Install RelayInformer

# Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install RelayInformer
git clone https://github.com/zyn3rgy/RelayInformer
cd RelayInformer/Python
uv sync

LDAP(S)

# For LDAP implementations without encryption
uv run relayinformer ldap --dc-ip <DC-IP> -u <USERNAME> -p '<PASSWORD>'

# For LDAPS
uv run relayinformer ldap --method LDAPS --dc-ip <DC-IP> -u <USERNAME> -p '<PASSWORD>'

MSSQL

# With a password
uv run relayinformer mssql --target <MSSQL-server> --user '<FQDN>/<USERNAME>' --password <PASSWORD>

# With an NTLM hash
uv run relayinformer mssql --target <MSSQL-server> --user '<FQDN>/<USERNAME>' --hashes :<NTLM-HASH>

HTTP(S) ADCS Web Enrollment Service
