I made some small changes to the kerberos-get-realm script and have uploaded a version 0.2 of it. It’s available from the nmap-scripts page.
I created a new Nmap script today that attempts to discover the Kerberos realm and the server time. It does this by sending an incorrect AS-REQ request to the server. The Microsoft implementation of Kerberos responds with an error packet containing the correct Realm name. On systems with other implementations, the server time alone is returned. The script works against both TCP and UDP. It’s available for download at the dedicated nmap-scripts page.
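To show which fields of such an error packet carry the realm and the server time, here is an added example (not the script's own code) that decodes the `stime`, `error-code` and `realm` fields of a KRB-ERROR message as laid out in RFC 4120. The sample message, the realm `EXAMPLE.LOCAL` and the error code are constructed for illustration.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def parse_krb_error(msg):
    """Extract stime [4], error-code [6] and realm [9] from a KRB-ERROR.
    Over TCP, strip the 4-byte length prefix before calling this."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x7E:                       # [APPLICATION 30], constructed
        raise ValueError("not a KRB-ERROR")
    _, fields, _ = read_tlv(body, 0)      # inner SEQUENCE
    out, pos = {}, 0
    while pos < len(fields):
        ctx_tag, wrapped, pos = read_tlv(fields, pos)
        _, value, _ = read_tlv(wrapped, 0)
        field = ctx_tag & 0x1F
        if field == 4:                    # KerberosTime (GeneralizedTime, UTC)
            t = datetime.strptime(value.decode("ascii"), "%Y%m%d%H%M%SZ")
            out["stime"] = t.replace(tzinfo=timezone.utc)
        elif field == 6:
            out["error_code"] = int.from_bytes(value, "big", signed=True)
        elif field == 9:
            out["realm"] = value.decode("ascii")
    return out

# --- constructed sample message (short-form lengths only) ---
def tlv(tag, body):
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def ctx(n, inner):
    return tlv(0xA0 | n, inner)

SNAME = tlv(0x30, ctx(0, tlv(0x02, b"\x02")) + ctx(1, tlv(0x30,
        tlv(0x1B, b"krbtgt") + tlv(0x1B, b"EXAMPLE.LOCAL"))))
SAMPLE = tlv(0x7E, tlv(0x30,
    ctx(0, tlv(0x02, b"\x05")) + ctx(1, tlv(0x02, b"\x1e")) +   # pvno, msg-type
    ctx(4, tlv(0x18, b"20240102030405Z")) + ctx(5, tlv(0x02, b"\x00")) +
    ctx(6, tlv(0x02, b"\x44")) +          # 68 = KDC_ERR_WRONG_REALM (assumed)
    ctx(9, tlv(0x1B, b"EXAMPLE.LOCAL")) + ctx(10, SNAME)))

if __name__ == "__main__":
    print(parse_krb_error(SAMPLE))
```
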
I have just posted a new tool to the website called krbpwguess. It does exactly what the name suggests: it guesses passwords against the Kerberos service. Visit the krbpwguess web page for more information.
I’ve just released a new security testing tool for Kerberos that allows you to guess valid user accounts against the KDC. More information is available under the KrbGuess page which can be found here.