NetExec v1.1 releases: network service exploitation tool

NetExec – The Network Execution Tool

This project was originally created in 2015 by @byt3bl33d3r under the name CrackMapExec. In 2019 @mpgn_x64 started maintaining the project and did so for the next 4 years, adding a lot of great tools and features. In September 2023 he retired from maintaining the project.

Along with many other contributors, we (NeffIsBack, Marshall-Hallenbeck, and zblurx) developed new features and bug fixes and helped maintain the original project, CrackMapExec. During this time, with both a private and a public repository, community contributions were not easily merged into the project. The 6-8 month discrepancy between the code bases caused many development issues and heavily reduced community-driven development. With the end of mpgn’s maintainer role, we (the remaining most active contributors) decided to maintain the project together as a fully free and open source project under the new name NetExec 🚀. Going forward, our intent is to maintain a community-driven and maintained project with regular updates for everyone to use.

NetExec (a.k.a. nxc) is a network service exploitation tool that helps automate assessing the security of large networks.

Available protocols

  • smb
  • ssh
  • ldap
  • ftp
  • wmi
  • winrm
  • rdp
  • vnc
  • mssql

Changelog v1.1

  • Fix #48 tries to falsely add creds to bloodhound using --laps by @NeffIsBack in #49
  • Bump urllib3 from 2.0.4 to 2.0.6 by @dependabot in #53
  • Update enum_av.py by @bongobongoland in #58
  • Create schtask.py by @Dfte in #54
    • Add the schtask module that can be used to impersonate logged-on users and run commands on their behalf.
  • Add ascii art to cli by @NeffIsBack in #57
  • [nanodump] fix error with temporary path by @XiaoliChan in #67
  • Update dependencies (including impacket fork) for v1.1.0 by @Marshall-Hallenbeck in #30
  • Bump urllib3 from 2.0.6 to 2.0.7 by @dependabot in #77
  • mpgn is back 🎉 by @NeffIsBack in #80
  • Update README.md by @mishrasamiksha in #83
  • Enhancing the FTP protocol by @RomanRII in #40
  • Add module sorting by @NeffIsBack in #74
  • [ssh] improvement by @XiaoliChan in #25
    • [ssh.py]: create fewer ssh connections, keep setting credentials via paramiko transport
    • [ssh.py]: rewrite enum_host_info function
    • [ssh.py]: fix hanging, old one will never exit
    • [ssh.py]: fix private key with passphrase
    • [ssh.py]: add sudo check for linux user
    • [ssh.py]: windows privileges check
    • [ssh.py]: improve command execute and format command execute result
    • [ssh.py]: paramiko always discovers private keys in ~/.ssh/, which causes a paramiko exception; disable it.
  • fix(dependencies): add bloodhound to netexec.spec, fixes #79 by @Marshall-Hallenbeck in #87
  • Downgrade termcolor to prevent atty check which disables colors by @NeffIsBack in #86
  • Cleanup & Lint Code by @Marshall-Hallenbeck in #35
    • Add Ruff configuration (version pinned due to discrepancies on GitHub runner versioning)
    • Create linter workflow to run Ruff on push & pull request
    • Remove encoding specification from files (unnecessary in Py3)
    • Update strings to be more descriptive, remove typos, and be properly capitalized
    • Change additionally remaining .format() and % old string interpolation to f-string usage (partially FLY)
    • Fix blank Except statements and unnecessary parenthesis in Excepts (partially RSE)
    • Update exception handling for some circumstances where another except was thrown, causing unnecessary output
    • Remove unused imports
    • Fix poorly and non-pythonic variable/function/class names
    • Fix additional single/double quote usage (Q)
    • Add docstrings to some functions and fix docstrings for others
    • Fix usages of mutable function defaults (see B006, mutable-argument-default in Ruff)
    • Properly inform user if file they specified doesn’t exist for several modules
    • Fix usages of comprehension and list/dict initialization via Ruff (C4)
    • Remove unnecessary str-concat (ISC)
    • Fix unnecessary pass statements and unnecessary creation of additional variables before return (PIE)
    • Fix some pytest style (PT)
    • Fix return statements returning None (unnecessary) (RET)
    • Add --poetry option for e2e tests, so all commands are prepended with poetry run
    • Fix ftp class name (got changed to “Ftp” by accident)
    • Simplify lots of code (SIM)
    • Fix tests using a password file to properly reference said file (was missing data/)
    • Remove commented out code (ERA)
    • Import and call sys.exit() instead of just exit() (PL)
    • Fix some try except outside loops (PERF203); additional ones are ignored for now
    • Implement list and dict comprehension where possible and preferred (PERF401)
    • Fix some spaces before inline comments (E261)
    • Modernize some code via Refurb (FURB)
    • Fix bug in add-computer module where improper access was being requested, causing an exception
    • Fix bug in add-computer module where module was not exiting if the computer already exists
    • Add in e2e tests for several missing modules
  • Add python version and OS info to debug output by @NeffIsBack in #89
  • Update README.md – one grammatical error. by @ayushrakesh in #94
  • Fix import error on windows by @NeffIsBack in #98
  • fix typos in python files of directory nxc/modules by @shresthasurav in #97
  • Implement s4u abuse by @zblurx in #50
    • This option will do a full S4U abuse (S4U2Self + S4U2Proxy) in an automated way, allowing the use of all postex functionalities of NXC 🔥
  • [connection.py] Improvement by @XiaoliChan in #63
    • connection.py: Add missing self.port in connection.py, in order to use connection.port when writing module.
    • connection.py and protocol: Redirect self.args.port to self.port
    • connection.py: improve IPv6 support, now adds is_ipv6 and is_link_local_ipv6 variables
    • connection.py: rewrite gethost_addinfo function, no need to try to detect IPv6 anymore, just use AF_UNSPEC instead of AF_INET6, AF_INET
    • connection.py: IPv4 preferred when target is dual stack
  • Improve bloodhound connector with Netbios domain name by @NeffIsBack in #88
  • Set computer accounts as owned in bloodhound if local admin privs by @NeffIsBack in #90
  • [winrm] Improvement by @XiaoliChan in #72
  • Fix: update MS17-010 for Python3 properly; add debug logging by @Marshall-Hallenbeck in #108
  • [winrm] disable logger & add missing port args by @XiaoliChan in #107
  • Fix Kerberoasting for #104 by @Marshall-Hallenbeck in #111
  • Improve module texts by @NeffIsBack in #109
  • [ssh] fix #112 by @XiaoliChan in #113
  • disable use of ssh_agent by @nikaiw in #106
  • Adding error handling for unexpected powershell output, see issue #93 by @NeffIsBack in #115
  • Netexec v1.1.0 by @NeffIsBack in #116

Copyright (c) 2023, Marshall-Hallenbeck, NeffIsBack, zblurx
Copyright (c) 2022, byt3bl33d3r, mpgn_x64