NBTscan is an open source tool that has been used by state groups to conduct internal reconnaissance within a compromised network.[1][2][3][4]

ID: S0590
Type: TOOL
Platforms: Windows, Linux, macOS
Contributors: Daniyal Naeem, BT Security
Version: 1.0
Created: 17 March 2021
Last Modified: 24 April 2021

Techniques Used

Domain ID Name Use
Enterprise T1046 Network Service Discovery

NBTscan can be used to scan IP networks.[1][2]

Enterprise T1040 Network Sniffing

NBTscan can dump and print whole packet content.[1][2]

Enterprise T1018 Remote System Discovery

NBTscan can list NetBIOS computer names.[1][2]

Enterprise T1016 System Network Configuration Discovery

NBTscan can be used to collect MAC addresses.[1][2]

Enterprise T1033 System Owner/User Discovery

NBTscan can list active users on the system.[1][2]

Groups That Use This Software