blue0x1/nimrm

nimrm

Native WinRM shell client written in Nim

Version 1.0.0 · Author Chokri Hammedi (blue0x1) · License MIT

Legal Notice

nimrm is intended for lawful administration, security testing, and research on systems you own or have explicit permission to access. The author is not responsible for misuse or damage caused by this tool.

Overview

nimrm provides a compact and fast WinRM shell with practical authentication, command execution, transfer, and reporting helpers. It is built as a native Nim binary with no Nim package dependencies.

Features

| Area | Support |
| --- | --- |
| Authentication | NTLM password, NTLM hash, Kerberos via KRB5CCNAME |
| WinRM transport | HTTP, HTTPS/TLS, custom port |
| Shell | Interactive PowerShell, CMD prefix, one-shot command mode |
| Transfers | File upload/download, recursive directory transfer |
| In-memory | PowerShell script import, managed .NET assembly execution |
| Reporting | AD/domain context, logging and auditing posture |
| Reliability | Kerberos message wrapping, transport reset/retry handling |

Requirements

| Component | Requirement |
| --- | --- |
| Build | Nim >= 1.6.0 |
| Kerberos | libgssapi_krb5.so.2 on Linux or libgssapi_krb5.dylib on macOS |
| TLS build | OpenSSL and -d:ssl |
| Target | WinRM reachable on the selected port |

Installation

Download the latest release:

curl -L -o nimrm https://github.com/blue0x1/nimrm/releases/latest/download/nimrm
chmod +x nimrm

Windows release binary:

Invoke-WebRequest -Uri https://github.com/blue0x1/nimrm/releases/latest/download/nimrm.exe -OutFile nimrm.exe

Debian package:

curl -L -o nimrm_1.0.0_amd64.deb https://github.com/blue0x1/nimrm/releases/latest/download/nimrm_1.0.0_amd64.deb
sudo dpkg -i nimrm_1.0.0_amd64.deb

Build from source:

git clone https://github.com/blue0x1/nimrm.git
cd nimrm
make linux

Build

make linux
make ssl
make windows

Manual build:

nim c -d:release --opt:speed -o:nimrm nimrm.nim

Performance

nimrm is designed to stay fast by using a native Nim binary, a persistent WinRM runspace, chunked transfer logic, and compact progress rendering.

| Operation | Implementation |
| --- | --- |
| Upload | Chunked Base64 writes with adaptive retry on large envelopes |
| Download | Streamed Base64 chunks with progress tracking |
| Directory transfer | Recursive file enumeration using the same chunked transfer path |
| Command execution | Reuses the active WinRM shell/runspace instead of reconnecting per command |

Usage

NTLM password:

./nimrm -T 192.168.1.10 -A 'CORP\administrator' -P 'Password123'

NTLM pass-the-hash:

./nimrm -T 192.168.1.10 -A 'CORP\user' -N aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef

Kerberos:

KRB5CCNAME=FILE:/tmp/user.ccache ./nimrm -k -T dc01.corp.local -Z CORP.LOCAL

Custom port:

./nimrm -T 192.168.1.10 -A 'CORP\user' -P 'Password123' -p 5985

One-shot command:

./nimrm -T 192.168.1.10 -A 'CORP\user' -P 'Password123' -c 'whoami'
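
On the target side, any WinRM PowerShell session of the kind shown above produces a network logon (Security event 4624, logon type 3) followed by a wsmprovhost.exe process start (event 4688). The following is an added detection sketch, not part of nimrm or its README; the flattened event dictionaries, the sample values and the allowed_sources parameter are constructed for illustration, and it assumes process-creation auditing is enabled and that 4688 carries TargetLogonId (Windows 10 / Server 2016 and later).

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real host), reduced to the fields used below.
EVENTS = [
    {"id": 4624, "time": "2024-05-01T10:00:00", "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "administrator", "TargetLogonId": "0x5a1f3", "IpAddress": "192.168.1.50"},
    {"id": 4688, "time": "2024-05-01T10:00:02", "TargetLogonId": "0x5a1f3",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    {"id": 4624, "time": "2024-05-01T10:05:00", "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "svc_backup", "TargetLogonId": "0x6b200", "IpAddress": "192.168.1.20"},
    {"id": 4688, "time": "2024-05-01T10:05:01", "TargetLogonId": "0x6b200",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    # Network logon with no WinRM host process afterwards (e.g. a file share access).
    {"id": 4624, "time": "2024-05-01T10:09:00", "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "jdoe", "TargetLogonId": "0x7c300", "IpAddress": "192.168.1.77"},
]

def winrm_sessions(events, window_s=30, allowed_sources=frozenset()):
    """Pair each network logon with a wsmprovhost.exe start in the same logon
    session, then tag sessions that used NTLM or came from an unlisted source."""
    logons, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("LogonType") == 3:
            logons[ev["TargetLogonId"]] = (ts, ev)
        elif ev["id"] == 4688 and ev.get("NewProcessName", "").lower().endswith("\\wsmprovhost.exe"):
            hit = logons.get(ev.get("TargetLogonId"))
            if not hit or ts - hit[0] > timedelta(seconds=window_s):
                continue  # no matching logon close enough in time
            logon, reasons = hit[1], []
            # Password and hash based NTLM logons both appear as package "NTLM".
            if logon["AuthenticationPackageName"].upper() == "NTLM":
                reasons.append("ntlm-auth")
            if logon["IpAddress"] not in allowed_sources:
                reasons.append("unlisted-source")
            findings.append({"user": logon["TargetUserName"], "src": logon["IpAddress"],
                             "auth": logon["AuthenticationPackageName"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in winrm_sessions(EVENTS, allowed_sources={"192.168.1.20"}):
        print(finding)
```

Sessions with an empty reasons list are WinRM shells from an expected management host over Kerberos; the others are the ones to review.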

Options

| Option | Description |
| --- | --- |
| -T, --target | Target IP or hostname |
| -A, --account | Username: user, user@domain, or DOMAIN\user |
| -P, --secret | NTLM password |
| -p, --port | WinRM port |
| -N, --nt-proof | NT hash or LM:NT hash |
| -Z, --krb-zone | Kerberos realm override |
| -K, --kerb-spn | Kerberos SPN override |
| -k, --kerb | Use Kerberos authentication |
| -c, --command | Execute one command and exit |
| --tls | Use HTTPS/TLS |
| -h, --help | Show help |

Interactive Commands

| Command | Description |
| --- | --- |
| /help | Show help |
| exit, quit | Close shell |
| !<cmd> | Run through cmd.exe |
| upload <local> [remote] | Upload one file |
| download <remote> [local] | Download one file |
| upload-dir <local> [remote] | Upload a directory |
| download-dir <remote> [local] | Download a directory |
| invoke-script <ps1> [args] | Import local PowerShell from memory |
| execute-assembly <exe> [args] | Run managed .NET from memory |
| ad-info | Show AD/domain context |
| opsec-check | Show logging and auditing posture |

Examples

PowerShell and CMD:

PS> hostname
PS> Get-Process
PS> !ipconfig /all

Transfers:

PS> upload ./tool.exe C:\Temp\tool.exe
PS> download C:\Temp\out.txt ./out.txt
PS> upload-dir ./payloads C:\Temp\payloads
PS> download-dir C:\Temp\logs ./logs

In-memory helpers:

PS> invoke-script ./AdminTools.ps1
PS> execute-assembly ./tool.exe arg1 arg2

Reporting:

PS> ad-info
PS> opsec-check

Notes

  • execute-assembly supports managed .NET assemblies only.
  • invoke-script imports into the current remote runspace.
  • ad-info and opsec-check are read-only reporting commands.
  • Some reporting data requires sufficient remote privileges.

License

MIT. See LICENSE.
