From 8543e7d151fb2e33e48d4d4de08879c164139d22 Mon Sep 17 00:00:00 2001
From: gpotter2 <10530980+gpotter2@users.noreply.github.com>
Date: Sun, 21 Sep 2025 00:10:18 +0200
Subject: [PATCH] SPNEGO.from_cli_arguments: don't ask for password when
 unrequired

---
 scapy/layers/spnego.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py
index 75ee2202416..3afb73268ed 100644
--- a/scapy/layers/spnego.py
+++ b/scapy/layers/spnego.py
@@ -669,6 +669,7 @@ def from_cli_arguments(
             if not valid_ip(target):
                 hostname = target
             target = str(Net(target))
+
         # Check UPN
         try:
             _, realm = _parse_upn(UPN)
@@ -678,12 +679,23 @@ def from_cli_arguments(
         except ValueError:
             # not a UPN: NTLM only
             kerberos = False
+
         # Do we need to ask the password?
-        if HashNt is None and password is None and ST is None:
+        if all(
+            x is None
+            for x in [
+                ST,
+                password,
+                HashNt,
+                HashAes256Sha96,
+                HashAes128Sha96,
+            ]
+        ):
             # yes.
             from prompt_toolkit import prompt
 
             password = prompt("Password: ", is_password=True)
+
         ssps = []
         # Kerberos
         if kerberos and hostname:
@@ -731,11 +743,13 @@ def from_cli_arguments(
                 "Kerberos required but domain not specified in the UPN, "
                 "or target isn't a hostname !"
             )
+
         # NTLM
         if not kerberos_required:
             if HashNt is None and password is not None:
                 HashNt = MD4le(password)
             ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt))
+
         # Build the SSP
         return cls(ssps)