Skip to content
This repository has been archived by the owner. It is now read-only.
No description or website provided.
Branch: master
Clone or download
Latest commit cf23bd1 Nov 30, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
ntlm Fix errors in test failure messages. Jun 4, 2018
utils utils: make repo safe for "go build ./..." May 25, 2018
.gitignore Fix accidentally committed merge conflict May 31, 2018
License Changed license to BSD license Jul 26, 2013 Update Nov 30, 2018
go.mod go-ntlm: add go.mod May 25, 2018


This repository will be removed on December 14th and will no longer be maintained and ownership will also not be transferred. Please fork this repositiory if you wish to continue to use it.

NTLM Implementation for Go

This is a native implementation of NTLM for Go that was implemented using the Microsoft MS-NLMP documentation available at The library is currently in use and has been tested with connectionless NTLMv1 and v2 with and without extended session security.

Usage Notes

Currently the implementation only supports connectionless (datagram) oriented NTLM. We did not need connection oriented NTLM for our usage and so it is not implemented. However it should be extremely straightforward to implement connection oriented NTLM as all the operations required are present in the library. The major missing piece is the negotiation of capabilities between the client and the server, for our use we hardcoded a supported set of negotiation flags.

Sample Usage as NTLM Client

import ""

session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode)

negotiate := session.GenerateNegotiateMessage()

<send negotiate to server>

challenge, err := ntlm.ParseChallengeMessage(challengeBytes)

authenticate := session.GenerateAuthenticateMessage()

<send authenticate message to server>

Sample Usage as NTLM Server

session, err := ntlm.CreateServerSession(ntlm.Version1, ntlm.ConnectionlessMode)

challenge := session.GenerateChallengeMessage()

<send challenge to client>

<receive authentication bytes>

auth, err := ntlm.ParseAuthenticateMessage(authenticateBytes)

Generating a message MAC

Once a session is created you can generate the Mac for a message using:

message := "this is some message to sign"
sequenceNumber := 100
signature, err := session.Mac([]byte(message), sequenceNumber)


Copyright Thomson Reuters Global Resources 2013 Apache License

You can’t perform that action at this time.