
Windows: add Kerberos PKINIT, Netlogon's Kerberos secure channel, better NTLM variants

Open gpotter2 opened this issue 1 month ago • 1 comments

  • add CMS signing / check
  • refactor (a lot) scapy/layers/tls/cert.py and add documentation
    • Chain wasn't as useful as it could be. We now have a CertTree class that serves as a certificate store (think like Windows), and properly links certificates against their issuer, to a list of root CAs
    • getchain() allows finding a chain of certificates towards one
    • verify() says if a certificate can be verified against the store
  • support PKINIT in Kerberos
  • Load KRB5CCNAME in SPNEGO.from_cli_arguments
  • fix Kerberos handling in DCE/RPC passive sniffing
  • improve Kerberos handling of the "DELEGATION"-related structures
  • Improve DCE/RPC context handling (keeps the context IDs when re-binding to the same interface, etc.)
  • Add support for Kerberos secure channels in MS-NRPC
  • Add the ability to choose between WindowsNT, Windows2000 and Windows2003+ variants of NTLM when building packets
  • add an ability to NOT send channel bindings in HTTP

gpotter2 avatar Nov 26 '25 18:11 gpotter2

Codecov Report

:x: Patch coverage is 66.04803% with 311 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 80.81%. Comparing base (e73137e) to head (ed7f1f1).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| scapy/layers/kerberos.py | 28.57% | 130 Missing :warning: |
| scapy/layers/tls/cert.py | 77.88% | 48 Missing :warning: |
| scapy/layers/msrpce/msnrpc.py | 19.60% | 41 Missing :warning: |
| scapy/layers/ntlm.py | 67.92% | 34 Missing :warning: |
| scapy/layers/spnego.py | 87.44% | 28 Missing :warning: |
| scapy/layers/msrpce/rpcclient.py | 50.00% | 24 Missing :warning: |
| scapy/layers/gssapi.py | 87.50% | 2 Missing :warning: |
| scapy/libs/rfc3961.py | 81.81% | 2 Missing :warning: |
| scapy/asn1fields.py | 88.88% | 1 Missing :warning: |
| scapy/layers/smb2.py | 66.66% | 1 Missing :warning: |
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4879      +/-   ##
==========================================
- Coverage   80.86%   80.81%   -0.05%     
==========================================
  Files         368      368              
  Lines       90271    90636     +365     
==========================================
+ Hits        72996    73250     +254     
- Misses      17275    17386     +111     
| Files with missing lines | Coverage Δ |
|---|---|
| scapy/asn1/mib.py | 91.66% <100.00%> (+0.05%) :arrow_up: |
| scapy/layers/dcerpc.py | 90.10% <100.00%> (+0.04%) :arrow_up: |
| scapy/layers/http.py | 83.68% <100.00%> (+0.02%) :arrow_up: |
| scapy/layers/ldap.py | 67.11% <ø> (+0.12%) :arrow_up: |
| scapy/layers/msrpce/rpcserver.py | 89.14% <ø> (ø) |
| scapy/layers/smb.py | 76.70% <ø> (-0.36%) :arrow_down: |
| scapy/layers/smbclient.py | 73.05% <100.00%> (ø) |
| scapy/layers/smbserver.py | 72.78% <ø> (ø) |
| scapy/layers/x509.py | 97.95% <100.00%> (+0.39%) :arrow_up: |
| scapy/modules/ticketer.py | 41.64% <100.00%> (+0.49%) :arrow_up: |
... and 10 more

... and 6 files with indirect coverage changes


codecov[bot] avatar Nov 26 '25 18:11 codecov[bot]