Packages and Binaries:

cntlm

Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, authenticated connection caching, ACLs, proper daemon logging and behaviour and much more. It has up to ten times faster responses than similar NTLM proxies, while using orders of magnitude less RAM and CPU. The manual page contains detailed information.

Installed size: 695 KB
How to install: sudo apt install cntlm

Dependencies:
  • adduser
  • init-system-helpers
  • libc6

cntlm

Authenticating HTTP(S) proxy with TCP/IP tunneling and acceleration

root@kali:~# cntlm -h
CNTLM - Accelerating NTLM Authentication Proxy version 0.94.0
Copyright (c) 2oo7-2o1o David Kubicek

This program comes with NO WARRANTY, to the extent permitted by law. You
may redistribute copies of it under the terms of the GNU GPL Version 2 or
newer. For more information about these matters, see the file LICENSE.
For copyright holders of included encryption routines see headers.

Usage: cntlm [-AaBcDdFfGgHhILlMNOPpqRrSsTUuvwXx] <proxy_host>[:]<proxy_port> ...
	-A  <address>[/<net>]
	    ACL allow rule. IP or hostname, net must be a number (CIDR notation)
	-a  ntlm | nt | lm
	    Authentication type - combined NTLM, just LM, or just NT. Default NTLM.
	    NTLM is the most versatile setting and likely to work for you.
	-B  Enable NTLM-to-basic authentication.
	-c  <config_file>
	    Configuration file. Other arguments can be used as well, overriding
	    config file settings.
	-D  <address>[/<net>]
	    ACL deny rule. Syntax same as -A.
	-d  <domain>
	    Domain/workgroup can be set separately.
	-F  <flags>
	    NTLM authentication flags.
	-f  Run in foreground, do not fork into daemon mode.
	-G  <pattern>
	    User-Agent matching for the trans-isa-scan plugin.
	-g  Gateway mode - listen on all interfaces, not only loopback.
	-H  Print password hashes for use in config file (NTLMv2 needs -u and -d).
	-h  Print this help info along with version number.
	-I  Prompt for the password interactively.
	-L  [<saddr>:]<lport>:<rhost>:<rport>
	    Forwarding/tunneling a la OpenSSH. Same syntax - listen on lport
	    and forward all connections through the proxy to rhost:rport.
	    Can be used for direct tunneling without corkscrew, etc.
	-l  [<saddr>:]<lport>
	    Main listening port for the NTLM proxy.
	-M  <testurl>
	    Magic autodetection of proxy's NTLM dialect.
	-N  "<hostname_wildcard1>[, <hostname_wildcardN>"
	    List of URL's to serve directly as stand-alone proxy (e.g. '*.local')
	-O  [<saddr>:]<lport>
	    Enable SOCKS5 proxy on port lport (binding to address saddr)
	-P  <pidfile>
	    Create a PID file upon successful start.
	-p  <password>
	    Account password. Will not be visible in "ps", /proc, etc.
	-q  Sets the Syslog logging level to DEBUG (default level is INFO).
	-R  <username>:<password>
	    Enable authorization for SOCKS5 proxy, when enabled.
	    It can be used several times, to create a whole list of accounts.
	-r  "HeaderName: value"
	    Add a header substitution. All such headers will be added/replaced
	    in the client's requests.
	-S  <size_in_kb>
	    Enable automation of GFI WebMonitor ISA scanner for files < size_in_kb.
	-s  Do not use threads, serialize all requests - for debugging only.
	-T  <file.log>
	    Redirect all debug information into a trace file for support upload.
	    MUST be the first argument on the command line, implies -v.
	-U  <uid>
	    Run as uid. It is an important security measure not to run as root.
	-u  <user>[@<domain]
	    Domain/workgroup can be set separately.
	-v  Print debugging information.
	-w  <workstation>
	    Some proxies require correct NetBIOS hostname.
	-x  <PAC_file>
	    Specify a PAC file to load.
	-X  <sspi_handle_type>
	    Use SSPI with specified handle type. Works only under Windows.
	    Default is negotiate.




Updated on: 2025-Nov-18