Documentation Index
Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt
Use this file to discover all available pages before exploring further.
get-netdomain connects to the target Domain Controller over the \samr RPC pipe and enumerates the domain names registered in its SAM database. This gives you a fast, lightweight view of the domain names visible from the targeted DC — useful as an orientation step at the start of an engagement before diving into deeper LDAP enumeration. Because this command uses an RPC call rather than LDAP, it does not support certificate or simple-auth options; authenticate with a username/password, NTLM hash, or Kerberos ticket instead.
Global Flags
IP address of the Domain Controller to target.
Name of the domain used for authentication (e.g.
contoso.com).Username to authenticate with against the Domain Controller.
Password associated with the specified username.
NTLM hashes for pass-the-hash authentication. Format:
[LMHASH:]NTHASH.Use Kerberos authentication. Credentials are read from the
KRB5CCNAME ccache file; falls back to command-line credentials if no valid ticket is found.Force a TLS-encrypted connection to the Domain Controller.
Logging verbosity. Choices:
CRITICAL (default), WARNING, DEBUG, ULTRA.Print results in JSON format instead of the default tabular output.