NetExec v1.1 releases: network service exploitation tool

NetExec – The Network Execution Tool

This project was initially created in 2015 by @byt3bl33d3r, known as CrackMapExec. In 2019 @mpgn_x64 started maintaining the project for the next 4 years, adding a lot of great tools and features. In September 2023 he retired from maintaining the project.

Along with many other contributors, we (NeffIsBack, Marshall-Hallenbeck, and zblurx) developed new features, and bug fixes, and helped maintain the original project CrackMapExec. During this time, with both a private and public repository, community contributions were not easily merged into the project. The 6-8 month discrepancy between the code bases caused many development issues and heavily reduced community-driven development. With the end of mpgn’s maintainer role, we (the remaining most active contributors) decided to maintain the project together as a fully free and open source project under the new name NetExec 🚀 Going forward, our intent is to maintain a community-driven and maintained project with regular updates for everyone to use.

NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks.

Available protocols

• smb
• ssh
• ldap
• ftp
• wmi
• winrm
• rdp
• vnc
• mssql

Changelog v1.1

• Fix #48 tries to falsly add creds to bloodhound using –laps by @NeffIsBack in #49
• Bump urllib3 from 2.0.4 to 2.0.6 by @dependabot in #53
• Update enum_av.py by @bongobongoland in #58
• Create schtask.py by @Dfte in #54
  • Add the schtask module that can be used to impersonate loggedon users and run commands on their behalf.
• Add ascii art to cli by @NeffIsBack in #57
  • courtesy of @bongobongoland!
• [nanodump] fix error with temporary path by @XiaoliChan in #67
• Update dependencies (including impacket fork) for v1.1.0 by @Marshall-Hallenbeck in #30
• Bump urllib3 from 2.0.6 to 2.0.7 by @dependabot in #77
• mpgn is back 🎉 by @NeffIsBack in #80
• Update README.md by @mishrasamiksha in #83
• Enhancing the FTP protocol by @RomanRII in #40
• Add module sorting by @NeffIsBack in #74
• [ssh] improvement by @XiaoliChan in #25
  • [ssh.py]: less create ssh connect, keep doing set credential via paramiko transport
  • [ssh.py]: rewrite enum_host_info function
  • [ssh.py]: fix hanging, old one will never exit
  • [ssh.py]: fix private key with passphrase
  • [ssh.py]: add sudo check for linux user
  • [ssh.py]: windows privileges check
  • [ssh.py]: improve command execute and format command execute result
  • [ssh.py]: paramiko always discovery private keys in ~/.ssh/, that will make paramiko exception, disable it.
• fix(dependencies): add bloodhound to netexec.spec, fixes #79 by @Marshall-Hallenbeck in #87
• Downgrade termcolor to prevent atty check which disables colors by @NeffIsBack in #86
• Cleanup & Lint Code by @Marshall-Hallenbeck in #35
  • Add Ruff configuration (version pinned due to discrepancies on GitHub runner versioning)
  • Create linter workflow to run Ruff on push & pull request
  • Remove encoding specification from files (unnecessary in Py3)
  • Update strings to be more descriptive, remove typos, and be properly capitalized
  • Change additionally remaining .format() and % old string interpolation to f-string usage (partially FLY)
  • Fix blank Except statements and unnecessary parenthesis in Excepts (partially RSE)
  • Update exception handling for some circumstances where another except was thrown, causing unnecessary output
  • Remove unused imports
  • Fix poorly and non-pythonic variable/function/class names
  • Fix additional single/double quote usage (Q)
  • Add docstrings to some functions and fix docstrings for others
  • Fix usages of mutable function defaults (see B006, mutable-argument-default in Ruff)
  • Properly inform user if file they specified doesn’t exist for several modules
  • Fix usages of comprehension and list/dict initialization via Ruff (C4)
  • Remove unnecessary str-concat (ISC)
  • Fix unnecessary pass statements and unnecessary creation of additional variables before return (PIE)
  • Fix some pytest style (PT)
  • Fix return statements returning None (unnecessary) (RET)
  • Add –poetry option for e2e tests, so all commands are prepended with poetry run
  • Fix ftp class name (got changed to “Ftp” by accident)
  • Simplify lots of code (SIM)
  • Fix tests using a password file to properly reference said file (was missing data/)
  • Remove commented out code (ERA)
  • Import and call sys.exit() instead of just exit() (PL)
  • Fix some try except outside loops (PERF203); additional ones are ignored for now
  • Implement list and dict comprehension where possible and preferred (PERF401)
  • Fix some spaces before inline comments (E261)
  • Modernize some code via Refurb (FURB)
  • Fix bug in add-computer module where improper access was being requested, causing an exception
  • Fix bug in add-computer module where module was not exiting if the computer already exists
  • Add in e2e tests for several missing modules
• Add python version and OS info to debug output by @NeffIsBack in #89
• Update README.md – one grammatical error. by @ayushrakesh in #94
• Fix import error on windows by @NeffIsBack in #98
• fix typos in python files of directory nxc/modules by @shresthasurav in #97
• Implement s4u abuse by @zblurx in #50
  • This option will do a full S4U abuse (S4U2Self + S4U2Proxy) in an automated way, allowing to use all postex functionalities of NXC 🔥
• [connection.py] Improvement by @XiaoliChan in #63
  • connection.py: Add missing self.port in connection.py, in order to use connection.port when writing module.
  • connection.py and protocol: Redirect self.args.port to self.port
  • connection.py: improve ipv6 support, now add is_ipv6 is_link_local_ipv6 variables
  • connection.py: rewrite gethost_addinfo function, don’t need try to detect ipv6 anymore, just use AF_UNSPEC instead AF_INET6, AF_INET
  • connection.py: IPv4 preferred when target is dual stack
• Improve bloodhound connector with Netbios domain name by @NeffIsBack in #88
• Set computer accounts as owned in bloodhound if local admin privs by @NeffIsBack in #90
• [winrm] Improvement by @XiaoliChan in #72
• Fix: update MS17-010 for Python3 properly; add debug logging by @Marshall-Hallenbeck in #108
• [winrm] disable logger & add miss port args by @XiaoliChan in #107
• Fix Kerberoasting for #104 by @Marshall-Hallenbeck in #111
• Improve module texts by @NeffIsBack in #109
• [ssh] fix #112 by @XiaoliChan in #113
• disable use of ssh_agent by @nikaiw in #106
• Adding error handling for unexpected powershell output, see issue #93 by @NeffIsBack in #115
• Netexec v1.1.0 by @NeffIsBack in #116

Install & Use

Copyright (c) 2023, Marshall-Hallenbeck, NeffIsBack, zblurx
Copyright (c) 2022, byt3bl33d3r, mpgn_x64