exploiting-kerberoasting-with-impacket

by mukul975

exploiting-kerberoasting-with-impacket helps authorized testers plan Kerberoasting with Impacket GetUserSPNs.py, from SPN enumeration to TGS ticket extraction, offline cracking, and detection-aware reporting. Use this exploiting-kerberoasting-with-impacket guide for penetration testing workflows with clear install and usage context.

Stars6.2k

Favorites0

Comments0

AddedMay 11, 2026

CategoryPenetration Testing

Install Command

npx skills add mukul975/Anthropic-Cybersecurity-Skills --skill exploiting-kerberoasting-with-impacket

Curation Score

This skill scores 78/100, which means it is a solid listing candidate for Agent Skills Finder. The repository gives users enough real workflow content, Impacket command examples, and supporting references/scripts to justify installation if they need a Kerberoasting-focused red-team skill; however, it is more specialized than broadly turnkey, so users should expect a domain-specific tool rather than a general-purpose automation package.

78/100

Strengths

Frontmatter clearly states the technique, domain, and tags, making the trigger easy to identify for Kerberoasting tasks.
Substantive workflow content and code fences provide actionable Impacket usage, including enumeration, TGS request, and offline cracking steps.
Supporting scripts, references, and a report template improve agent leverage and give users detection/reporting context beyond a single prompt.

Cautions

No install command in SKILL.md, so users may need to infer environment setup for Impacket and prerequisites.
This is a red-teaming / credential-access skill, so it has a narrow authorized-testing use case and is not broadly applicable.

Impacket Kerberos Kerberoasting Active Directory Credential Access Service Accounts Ntlm Pass The Hash

Overview

Overview of exploiting-kerberoasting-with-impacket skill

What this skill is for

The exploiting-kerberoasting-with-impacket skill helps you plan and execute Kerberoasting in a controlled, authorized environment using Impacket’s GetUserSPNs.py. It is most useful for penetration testers, red teamers, and defenders validating detection logic who need a practical workflow for enumerating SPN accounts, requesting TGS tickets, and handing hashes off to offline cracking tools.

Why users install it

People install the exploiting-kerberoasting-with-impacket skill when they want more than a one-line command: they want a workflow that explains prerequisites, prioritization, output handling, and detection implications. The main job-to-be-done is to move from “I have domain access” to “I know which service accounts are roastable and how to assess impact” with fewer mistakes.

What makes it useful

This repository is oriented around active-directory credential-access tradecraft, not generic Kerberos theory. The strongest signals are the Impacket-focused path, the report template, and the supporting references for ATT&CK mapping and Windows event IDs. That makes the exploiting-kerberoasting-with-impacket guide more useful for real engagements than a bare prompt because it frames the attack, the output, and the likely defensive artifacts together.

How to Use exploiting-kerberoasting-with-impacket skill

Install the skill first

Use the exploiting-kerberoasting-with-impacket install flow in your skills manager, for example:
npx skills add mukul975/Anthropic-Cybersecurity-Skills --skill exploiting-kerberoasting-with-impacket

After install, start with SKILL.md, then read references/api-reference.md, references/workflows.md, and references/standards.md. Those files give you the command patterns, decision points, and detection context that matter most when you are using the exploiting-kerberoasting-with-impacket skill in practice.

Feed it the right input

The exploiting-kerberoasting-with-impacket usage works best when your prompt includes the domain, the credential type you have, the domain controller IP, and the output you need. Good input looks like: “I have low-priv domain credentials for corp.local, DC IP 10.10.10.1, and I need SPN enumeration plus a crackable hash output.” Weak input like “help me Kerberoast” forces the skill to guess too much.

Use a simple workflow

For exploiting-kerberoasting-with-impacket for Penetration Testing, follow the repository’s natural order: enumerate SPNs, identify high-value accounts, request tickets, crack offline, then validate impact. Use GetUserSPNs.py in list mode first if you need target selection, and only add -request -outputfile once you know which accounts are worth the noise. That separation reduces wasted requests and makes results easier to explain in a report.

Read these files first

If you want the fastest path to useful output, read assets/template.md for reporting structure and references/workflows.md for the attack sequence. Then check scripts/agent.py and scripts/process.py to understand what the skill automates and what it expects from log data. Those files are more decision-relevant than browsing the whole repository tree.

exploiting-kerberoasting-with-impacket skill FAQ

Is this only for offensive use?

No. The exploiting-kerberoasting-with-impacket skill is framed for authorized testing, but it is also useful for blue teams and detection engineers who need to understand how Kerberoasting appears in logs and how service-account exposure becomes risk.

Do I need a special environment?

You need valid domain credentials, network access to a domain controller, and Impacket available in your test environment. If you cannot run Linux-based tools or cannot reach LDAP/Kerberos services, the skill is a poor fit until those basics are in place.

Why not just use a generic prompt?

A generic prompt usually gives a command and stops there. This skill is better when you need the full operational context: how to choose targets, how to format outputs for cracking, what artifacts to expect, and how to map findings to ATT&CK and Windows security events.

Is it beginner-friendly?

It is beginner-friendly for practitioners who already know basic AD concepts, but not for someone learning Kerberos from zero. If you do not know what an SPN, TGS, or service account is, you should read the overview and references first so the exploiting-kerberoasting-with-impacket guide can be applied correctly.

How to Improve exploiting-kerberoasting-with-impacket skill

Give it better target context

The quality of the exploiting-kerberoasting-with-impacket usage improves when you specify domain naming, reachable DCs, known service accounts, and any constraints like “avoid noisy enumeration” or “need a report-ready result.” The skill can then prioritize whether it should focus on enumeration, request generation, or validation.

Include cracking constraints up front

If you want usable hashes, say what cracking resources you have: wordlists, GPU capacity, and whether you expect RC4 or AES tickets. That matters because the workflow and expected payoff differ by encryption type, and the repository’s references already distinguish hashcat modes and cracking paths.

Watch for common failure modes

The biggest mistakes are mixing enumeration and request steps too early, using vague credentials, and ignoring detection context. Another frequent failure is treating success as “hash extracted” instead of “account risk understood.” Stronger prompts ask for target prioritization, output formatting, and a short interpretation of what the result means.

Iterate from output to validation

After the first run, refine the request with what you learned: which SPNs exist, which accounts look privileged, which hashes are crackable, and which detections should have fired. That turns the exploiting-kerberoasting-with-impacket skill from a one-off attack helper into a repeatable assessment workflow with clearer findings and better reporting.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

exploiting-insecure-data-storage-in-mobile

by mukul975

The exploiting-insecure-data-storage-in-mobile skill helps assess and extract evidence from insecure local storage in Android and iOS apps. It covers SharedPreferences, SQLite databases, plist files, world-readable files, backup exposure, and weak keychain/keystore handling for mobile pentesting and Security Audit workflows.

Security Audit

Favorites 0GitHub 6.2k

exploiting-jwt-algorithm-confusion-attack

by mukul975

The exploiting-jwt-algorithm-confusion-attack skill helps Security Audit workflows test JWT algorithm confusion, including RS256-to-HS256 downgrades, alg:none bypasses, and kid/jku/x5u header tricks. It is backed by a practical guide, reference examples, and a script for repeatable validation.

Security Audit

Favorites 0GitHub 6.2k

exploiting-idor-vulnerabilities

by mukul975

exploiting-idor-vulnerabilities helps authorized security audits test Insecure Direct Object Reference flaws across APIs, web apps, and multi-tenant systems with cross-session checks, object mapping, and read/write verification.

Security Audit

Favorites 0GitHub 6.2k

exploiting-server-side-request-forgery

by mukul975

The exploiting-server-side-request-forgery skill helps assess SSRF-prone features in authorized web targets, including URL fetchers, webhooks, preview tools, and cloud metadata access. It provides a guided workflow for detection, bypass testing, internal service probing, and Security Audit validation.

Security Audit

Favorites 0GitHub 0

exploiting-race-condition-vulnerabilities

by mukul975

The exploiting-race-condition-vulnerabilities skill helps security auditors test web apps for TOCTOU flaws, duplicate transactions, and limit bypasses using Turbo Intruder-style concurrent requests. It includes install, workflow, and usage guidance for authorized assessments.

Security Audit

Favorites 0GitHub 0

exploiting-nopac-cve-2021-42278-42287

by mukul975

The exploiting-nopac-cve-2021-42278-42287 skill is a practical guide for assessing the noPac chain (CVE-2021-42278 and CVE-2021-42287) in Active Directory. It helps authorized red teamers and Security Audit users check prerequisites, review workflow files, and document exploitability with less guesswork.

Security Audit

Favorites 0GitHub 0

exploiting-constrained-delegation-abuse

by mukul975

The exploiting-constrained-delegation-abuse skill guides authorized Active Directory testing of Kerberos constrained delegation abuse. It covers enumeration, S4U2self and S4U2proxy ticket requests, and practical paths to lateral movement or privilege escalation. Use it when you need a repeatable guide for penetration testing, not a generic Kerberos overview.

Penetration Testing

Favorites 0GitHub 0

frontend-design

by anthropics

frontend-design helps you turn vague UI ideas into distinctive, production-grade interfaces with real frontend code, strong aesthetic direction, and less generic AI styling.

UI Design

Favorites 1GitHub 105.2k

create-colleague

by titanwings

create-colleague turns coworker docs, chats, emails, screenshots, Feishu, and DingTalk data into an editable AI skill with separate work and persona outputs, plus update flows for ongoing refinement.

Skill Authoring

Favorites 1GitHub 747

hyperframes

by heygen-com

hyperframes is a workflow skill for building HTML-based video compositions in HyperFrames. Use it for title cards, overlays, captions, voiceovers, audio-reactive motion, and scene transitions when you need structured, code-first hyperframes for Video Editing. It favors layout, timing, and animation decisions over generic prompt-only video requests.

Video Editing

Favorites 0GitHub 2.7k

kreuzberg

by kreuzberg-dev

The kreuzberg skill helps you install and use Kreuzberg for document extraction across 91+ formats, including PDFs, Office files, images, HTML, email, and archives. It covers Python, Node.js/TypeScript, Rust, and CLI workflows for OCR, tables, metadata, batch processing, and practical parsing guidance.

PDF Processing

Favorites 0GitHub 0

skill-creator

by anthropics

skill-creator is a Skill Authoring meta-skill for drafting new skills, revising existing SKILL.md files, running evals, comparing variants, and improving trigger descriptions with repository scripts and review tools.

Skill Authoring

Favorites 2GitHub 105.1k

azure-identity-py

by microsoft

azure-identity-py helps set up Azure authentication in Python with Microsoft Entra ID. Use it to choose DefaultAzureCredential, managed identity, or service principal auth, configure environment variables, and troubleshoot access control and credential chain issues. Install guidance, usage patterns, and practical setup notes are based on the repo skill file.

Access Control

Favorites 0GitHub 2.2k

claude-api

by anthropics

claude-api is a practical skill for installing and using the Claude API and Anthropic SDKs. It helps developers choose the right SDK or raw HTTP path, detect language-specific docs, and implement streaming, tool use, files, batches, and error handling with less guesswork.

API Development

Favorites 0GitHub 105k

wrangler

by cloudflare

The wrangler skill helps you find correct CLI commands, config shapes, and deployment steps for Cloudflare Workers. Use it for wrangler usage, wrangler install checks, and a practical wrangler guide when building or shipping Workers for Backend Development.

Backend Development

Favorites 0GitHub 1.3k

clickhouse-best-practices

by ClickHouse

clickhouse-best-practices is a ClickHouse best practices skill for Database Engineering. It guides schema design, query tuning, insert strategy, and agent connectivity with rule-based recommendations, making clickhouse-best-practices usage easier to trigger, review, and cite in ClickHouse workflows.

Database Engineering

Favorites 0GitHub 412