Documentation Index
Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt
Use this file to discover all available pages before exploring further.
get-netloggedon issues a NetWkstaUserEnum RPC call to a target Windows machine to enumerate all users who are currently logged on interactively or via network sessions. The output includes the username and logon domain for each active session, covering both domain accounts and local accounts. This complements get-netsession — while get-netsession reveals remote SMB connections, get-netloggedon reveals interactive and locally-initiated sessions, making it invaluable for identifying high-value targets such as administrators working directly on a machine.
NetWkstaUserEnum requires at least a standard domain user account on the target; anonymous or unauthenticated access is not sufficient. On older Windows versions this call may be available to any authenticated user, but on hardened or modern systems it typically requires local administrator rights.Flags
IP address or hostname of the target Windows host to query for logged-on users.
Name of the domain to authenticate with. Can be omitted when using local credentials.
Username for authentication. Accepts both domain and local accounts.
Password associated with the specified username.
NTLM hashes for pass-the-hash authentication. Format:
[LMHASH:]NTHASH. The LM portion can be omitted or replaced with the empty LM hash.Use Kerberos authentication. Reads credentials from the ccache file pointed to by
KRB5CCNAME. Falls back to the provided username and password if no valid ticket is found.Logging verbosity sent to stderr. Choices:
CRITICAL (default), WARNING, DEBUG, ULTRA.Print results as JSON instead of the default human-readable format.