Skip to main content
The show module allows you to display and export enumeration results collected by other SCCMHunter modules. This is essential for analyzing large datasets and creating reports from your SCCM assessment.
The show module is particularly useful for reviewing user and group results in larger environments where terminal output may be overwhelming.

Prerequisites

Requirements

  • Completed enumeration using the find module
  • Optional: Additional data from the smb module
  • Access to SCCMHunter’s local database

Command Syntax

python3 sccmhunter.py show [OPTIONS]

Display Options

FlagDescriptionUse Case
-siteserversShow Site Servers tableReview primary SCCM infrastructure
-mpsShow Management Points tableIdentify client communication endpoints
-usersShow SCCM related usersFind service accounts and privileged users
-computersShow SCCM related computersCatalog all SCCM-associated systems
-groupsShow SCCM related groupsDiscover security groups for escalation
-credsShow recovered credentialsReview extracted passwords and hashes
-allShow all enumeration resultsComplete overview of discovered assets
FlagDescriptionOutput Location
-jsonExport results in JSON format/root/.sccmhunter/logs/json/
-csvExport results in CSV format/root/.sccmhunter/logs/csvs/
-debugEnable verbose loggingTerminal with additional details
Export options work in combination with display options. You must specify what data to show (e.g., -siteservers) along with the export format (e.g., -csv).

Usage Examples

View all discovered SCCM site servers and their configurations
python3 sccmhunter.py show -siteservers
Expected Output:
[22:41:59] INFO     [+] Showing SiteServers Table
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
| Hostname             | SiteCode   | CAS   | SigningStatus   | SiteServer   | SMSProvider   | Config   | MSSQL   |
+======================+============+=======+=================+==============+===============+==========+=========+
| sccm2.internal.lab   | ABC        | False | False           | True         | True          | Active   | True    |
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
| active.internal.lab  | ACT        | False | False           | True         | True          | Active   | False   |
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
| sccm.internal.lab    | LAB        | False | False           | True         | True          | Active   | False   |
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
| passive.internal.lab | ACT        | False | False           | True         | True          | Passive  | True    |
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
| cas.internal.lab     | CAS        | True  | False           | True         | True          | Active   | True    |
+----------------------+------------+-------+-----------------+--------------+---------------+----------+---------+
Site servers with “CAS” marked as “True” are Central Administration Sites, which sit at the top of multi-site hierarchies.
Export site server data to both CSV and JSON formats for reporting
python3 sccmhunter.py show -siteservers -json -csv
Expected Output:
[22:43:19] INFO     [+] Showing SiteServers Table
[Table output as above...]
[22:43:19] INFO     [*] CSV files saved to /root/.sccmhunter/logs/csvs/
[22:43:19] INFO     [*] JSON files saved to /root/.sccmhunter/logs/json/
Exported files are automatically timestamped and organized by data type. This is particularly useful for generating reports or importing data into other analysis tools.
Display comprehensive results from all discovery modules
python3 sccmhunter.py show -all
Use Case: Get a complete overview of all discovered SCCM infrastructure, users, groups, and credentials in a single command.
Using -all can produce extensive output in large environments. Consider using export options to save results to files for easier analysis.
Examine SCCM-related security groups for privilege escalation opportunities
python3 sccmhunter.py show -groups -csv
Why This Matters: SCCM groups often contain high-privilege accounts and can reveal paths for lateral movement or privilege escalation.

Data Analysis Tips

Table Column Interpretation

Understanding the output format helps prioritize targets:
  • SiteCode: Identifies the SCCM site boundaries
  • SigningStatus: Indicates if client certificates are required (security control)
  • Config: Active vs Passive server states for redundancy planning
  • MSSQL: Servers hosting databases (high-value targets)

High-Priority Targets

  • Central Administration Sites (CAS)
  • Active site servers with MSSQL
  • Management Points (MP)
  • Servers with SMSProvider role

Export Locations

  • CSV Files: /root/.sccmhunter/logs/csvs/
  • JSON Files: /root/.sccmhunter/logs/json/
  • Log Files: /root/.sccmhunter/logs/

Next Steps

SMB Profiling

Deep dive into discovered infrastructure with service enumeration

HTTP Exploitation

Leverage Management Points for credential extraction