express-ntlm - An express middleware to have basic NTLM-authentication in node.js.

  •        142

An express middleware to have basic NTLM-authentication in node.js. Upgrading from 1.0: The fields for username, domain and workstation have different names now: UserName, DomainName, Workstation.


async : ^0.9.0
underscore : ^1.7.0



Related Projects

Waffle - Enable drop-in Windows Single Sign On for popular Java web servers

  •    Java

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows. While Waffle makes it ridiculously easy to do Windows Authentication in Java, on Windows, Waffle does not work on *nix(UNIX-like). Unlike many other implementations Waffle on Windows does not require any server-side Kerberos keytab setup, it's a drop-in solution.

NTLM auth module for Apache/Unix

  •    C

NTLM is a authentication method used by Microsoft IIS and Internet Explorer. This modules is implementing NTLM for Apache 1.3.9 and Apache 2.0.

Bad-Pdf - Steal Net-NTLM Hash using Bad-PDF

  •    Python

Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener. This method work on all PDF readers(Any version) and java scripts are not required for this attack, most of the EDR/Endpoint solution fail to detect this attack.

express-jwt-permissions - :vertical_traffic_light: Express middleware for JWT permissions

  •    Javascript

Middleware that checks JWT tokens for permissions, recommended to be used in conjunction with express-jwt. This middleware assumes you already have a JWT authentication middleware such as express-jwt.

curl - A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP

  •    C

curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, settop boxes, media players and is the internet transfer backbone for thousands of software applications affecting billions of humans daily.

express-gateway - A microservices API Gateway built on top of ExpressJS

  •    Javascript

Express Gateway is an API Gateway that sits at the heart of any microservices architecture, regardless of what language or platform you're using. Express Gateway secures your microservices and exposes them through APIs using Node.js, ExpressJS and Express middleware. Developing microservices, orchestrating and managing them now can be done insanely fast all on one seamless platform without having to introduce additional infrastructure. Express Gateway is commerically supported LunchBadger. For more information about support plans please contact

connect-roles - Provides dynamic roles based authorisation for node.js connect and express servers.

  •    Javascript

Connect roles is designed to work with connect or express. It is an authorisation provider, not an authentication provider. It is designed to support context sensitive roles/abilities, through the use of middleware style authorisation strategies. If you're looking for an authentication system I suggest you check out passport.js, which works perfectly with this module.

permit - An unopinionated authentication library for building Node.js APIs.

  •    Javascript

An unopinionated authentication library for building Node.js APIs. Permit makes it easy to add an authentication layer to any Node.js API. It can be used with any of the popular server frameworks (eg. Express, Koa, Hapi, Fastify) and it can be used for any type of API (eg. REST, GraphQL, etc.) due to its simple, unopinionated design.

Invoke-TheHash - PowerShell Pass The Hash Utils

  •    PowerShell

Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.

ts-express-decorators - :triangular_ruler: A TypeScript Framework on top of Express

  •    TypeScript

Ts.ED is a framework on top of Express to write your application with TypeScript (or in ES6). It provides a lot of decorators to write your code. Important! TsExpressDecorators requires Node >= 6, Express >= 4, TypeScript >= 2.0 and the experimentalDecorators, emitDecoratorMetadata, types and lib compilation options in your tsconfig.json file.

NTLM Authorization Proxy Server

  •    Python

Opens up IIS Proxy Servers using NTLM to non-Microsoft browsers, etc

Internal-Monologue - Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

  •    CSharp

Mimikatz, developed by Benjamin Delpy (@gentilkiwi), is a well-regarded post-exploitation tool, which allows adversaries to extract plain text passwords, NTLM hashes and Kerberos tickets from memory, as well as perform attacks such as pass-the-hash, pass-the-ticket or build a golden ticket. Arguably, the primary use of Mimikatz is retrieving user credentials from LSASS process memory for use in post exploitation lateral movement. Recently, Microsoft has introduced Credential Guard in Windows 10 Enterprise and Windows Server 2016, which uses virtualization-based security to isolate secrets, and it is very effective in preventing Mimikatz from retrieving hashes directly from memory. Also, Mimikatz has become a prime target of most endpoint protection solutions, and they are very aggressive in their efforts to detect and prevent it. Although these efforts are bound to fail, they are increasingly becoming a nuisance.

tinyhttp - Mordern Express like Web Framework

  •    Typescript

tinyhttp is a modern Express-like web framework written in TypeScript and compiled to native ESM, that uses a bare minimum amount of dependencies trying to avoid legacy hell. It has Async middleware support and it is 2x faster than Express.

fullstack-apollo-react-express-boilerplate-project - 💥A sophisticated Apollo in React and Express boilerplate project

  •    Javascript

A full-fledged Apollo Server 2 with Apollo Client 2 starter project with React, Express and PostgreSQL. Since this boilerplate project is using PostgreSQL, you have to install it for your machine and get a database up and running. You find everything for the set up over here: Setup PostgreSQL with Sequelize in Express Tutorial. After you have created a database and a database user, you can fill out the environment variables in the server/.env file.

express-graphql - Create a GraphQL HTTP server with Express.

  •    Javascript

Create a GraphQL HTTP server with any HTTP web framework that supports connect styled middleware, including Connect itself, Express and Restify.Use .get or .post (or both) rather than .use to configure your route handler. If you want to show GraphiQL in the browser, set graphiql: true on your .get handler.

express-http-proxy - Proxy middleware for express/connect

  •    Javascript

Express middleware to proxy request to another host and pass response back to original caller. Proxy requests and user responses are piped/streamed/chunked by default.

express-stormpath - Build simple, secure web applications with Stormpath and Express!

  •    Javascript

We are incredibly excited to announce that Stormpath is joining forces with Okta. Please visit the Migration FAQs for a detailed look at what this means for Stormpath users. We're available to answer all questions at

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.