hunt-ntlm-info
CommunityRecon NTLM leaks for faster security triage.
System Documentation
What problem does it solve?
It helps investigators identify and extract sensitive NTLM/Negotiate information disclosures from internet-reachable enterprise web services so they can prioritize real risk and reporting.
Core Features & Use Cases
- Header and challenge detection: Detects whether endpoints anonymously advertise NTLM/Negotiate via WWW-Authenticate responses.
- NTLM Type-2 capture & AV_PAIRS decoding: Sends an anonymous NTLM Type-1 probe, captures the returned Type-2 challenge, and decodes AV_PAIRS to recover NetBIOS/DNS names and AD forest topology cues.
- Environment severity context: Helps distinguish informational intranet-only disclosures from internet-exposed leaks that materially accelerate follow-on attack chaining (e.g., recon for auth attacks).
Use Case Example: When testing an internet-facing IIS/SharePoint/Exchange endpoint, run this skill to extract DNS Tree Name and server hostname from NTLM Type-2 challenge data and include it as evidence of AD topology disclosure.
Quick Start
Use the skill to probe an endpoint you can reach (e.g., a SharePoint REST path) and decode the returned NTLM Type-2 AV_PAIRS to extract internal domain and forest indicators.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-ntlm-info Download link: https://github.com/Carlos-Reyes-UTP/Desarrollo-de-Sistema-de-Ventas-Empresas-de-Moda/archive/main.zip#hunt-ntlm-info Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.