Documentation Index
Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt
Use this file to discover all available pages before exploring further.
get-netsession queries a target Windows machine via the NetSessionEnum RPC call to retrieve a list of all currently active SMB sessions. The results include the username of each connected client, the client’s IP address or hostname, session time, and idle time. This is particularly useful during lateral movement reconnaissance to discover which users are currently interacting with a specific host, potentially revealing privileged sessions worth targeting. Local credentials can be used in place of domain credentials.
Flags
IP address or hostname of the target Windows host to query for active sessions.
Name of the domain to authenticate with. Can be omitted when using local credentials.
Username for authentication. Accepts both domain and local accounts.
Password associated with the specified username.
NTLM hashes for pass-the-hash authentication. Format:
[LMHASH:]NTHASH. The LM portion can be omitted or replaced with the empty LM hash.Use Kerberos authentication. Reads credentials from the ccache file pointed to by
KRB5CCNAME. Falls back to the provided username and password if no valid ticket is found.Logging verbosity sent to stderr. Choices:
CRITICAL (default), WARNING, DEBUG, ULTRA.Print results as JSON instead of the default human-readable format.