Merge branch 'Pennyw0rth:main' into CVE-2025-33073

Author: Mauriceter

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,6 +7,10 @@ assignees: ''
 
 ---
 
+# ❗❗❗ Before filing this bug report, MAKE SURE you have already downloaded the newest version of NetExec from GitHub and installed it! Many issues have already been reported and fixed, _especially_ if you are running the native Kali version! Please delete this line before submitting your issue if you have done so.❗❗❗
+
+
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 
@@ -30,8 +34,8 @@ If applicable, add screenshots to help explain your problem.
 
 **NetExec info**
  - OS: [e.g. Kali]
- - Version of nxc: [e.g. v1.5.2]
- - Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
+ - Version of nxc: [e.g. v1.5.2] (run nxc --version and post the _exact_ string that is output)
+ - Installed from: apt/github/pip/docker/...? Please try with latest release before opening an issue
 
 **Additional context**
 Add any other context about the problem here.

…EQUEST_TEMPLATE/pull_request_template.md .github/PULL_REQUEST_TEMPLATE.md.github/PULL_REQUEST_TEMPLATE/pull_request_template.md renamed to .github/PULL_REQUEST_TEMPLATE.md .github/PULL_REQUEST_TEMPLATE/pull_request_template.md renamed to .github/PULL_REQUEST_TEMPLATE.md

@@ -1,44 +1,35 @@
----
-name: Pull request
-about: Update code to fix a bug or add an enhancement/feature
-title: ''
-labels: ''
-assignees: ''
-
----
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.
-Please also include relevant motivation and context.
 List any dependencies that are required for this change.
 
 ## Type of change
-Please delete options that are not relevant.
+Insert an "x" inside the brackets for relevant items (do not delete options)
+
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Deprecation of feature or functionality
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
-## How Has This Been Tested?
-Please describe the tests that you ran to verify your changes (e2e, single commands, etc)
-Please also list any relevant details for your test configuration, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions
-
-If you are using poetry, you can easily run tests via:
-`poetry run python tests/e2e_tests.py -t $TARGET -u $USER -p $PASSWORD`
-There are additional options like `--errors` to display ALL errors (some may not be failures), `--poetry` (output will include the poetry run prepended), `--line-num $START-$END $SINGLE` for only running a subset
+## Setup guide for the review
+Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
+In particular:
+- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
+- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
 
 ## Screenshots (if appropriate):
 Screenshots are always nice to have and can give a visual representation of the change.
 If appropriate include before and after screenshot(s) to show which results are to be expected.
 
 ## Checklist:
+Insert an "x" inside the brackets for completed and relevant items (do not delete options)
 
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
-- [ ] I have added or updated the tests/e2e_commands.txt file if necessary
+- [ ] I have added or updated the `tests/e2e_commands.txt` file if necessary (new modules or features are _required_ to be added to the e2e tests)
 - [ ] New and existing e2e tests pass locally with my changes
-- [ ] My code follows the style guidelines of this project (should be covered by Ruff above)
-- [ ] If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
+- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

.github/workflows/build-binaries.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.11"]
+        python-version: ["3.13"]
         #python-version: ["3.8", "3.9", "3.10", "3.11"] # for binary builds we only need one version
     steps:
     - uses: actions/checkout@v4
@@ -20,18 +20,18 @@ jobs:
         python-version: ${{ matrix.python-version }}
     - name: Build Native Binary
       run: |
-        pip install pyinstaller
+        pip install pyinstaller pillow
         pip install .
         pyinstaller netexec.spec
     - name: Upload Windows Binary
       if: runner.os == 'windows'
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc.exe
         path: dist/nxc.exe
     - name: Upload Nix/OSx Binary
       if: runner.os != 'windows'
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc-${{ matrix.os }}
         path: dist/nxc

.github/workflows/build-zipapps.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
     - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}
@@ -22,12 +22,12 @@ jobs:
         pip install shiv
         python build_collector.py
     - name: Upload nxc ZipApp
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc-zipapp-${{ matrix.os }}-${{ matrix.python-version }}
         path: bin/nxc
     - name: Upload nxcdb ZipApp
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxcdb-zipapp-${{ matrix.os }}-${{ matrix.python-version }}
         path: bin/nxcdb

.github/workflows/lint.yml

@@ -4,12 +4,14 @@ name: Lint Python code with ruff
 on:
   push:
   workflow_dispatch:
+  pull_request_review:
+    types: [submitted]
 
 jobs:
   lint:
     runs-on: ubuntu-latest
     if:
-      github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+      github.event_name == 'push' || github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
 
     steps:
       - uses: actions/checkout@v4
@@ -19,7 +21,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.11
+          python-version: 3.13
           cache: poetry
           cache-dependency-path: poetry.lock
       - name: Install dependencies with dev group

.github/workflows/test.yml

@@ -8,18 +8,20 @@ on:
 jobs:
   build:
     name: Test for Py${{ matrix.python-version }}
-    if: github.event.review.state == 'APPROVED'
+    if: github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
     runs-on: ${{ matrix.os }}
     strategy:
       max-parallel: 5
       matrix:
         os: [ubuntu-latest]
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
       - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
+          poetry --version
+          poetry env info
       - name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
         uses: actions/setup-python@v5
         with:
@@ -29,11 +31,6 @@ jobs:
       - name: Install with pipx
         run: |
           pipx install . --python python${{ matrix.python-version }}
-      - name: Install poetry
-        run: |
-          pipx install poetry --python python${{ matrix.python-version }}
-          poetry --version
-          poetry env info
       - name: Install libraries with dev group
         run: |
           poetry install --with dev
@@ -48,4 +45,4 @@ jobs:
           poetry run netexec mssql 127.0.0.1
           poetry run netexec ssh 127.0.0.1
           poetry run netexec ftp 127.0.0.1
-          poetry run netexec smb 127.0.0.1 -M veeam
+          poetry run netexec smb 127.0.0.1 -L

Dockerfile

@@ -1,22 +1,45 @@
-FROM python:3.11-slim
-
+FROM python:3.13-slim-bookworm AS builder
 ENV LANG=C.UTF-8
 ENV LC_ALL=C.UTF-8
 ENV PIP_NO_CACHE_DIR=off
 
 WORKDIR /usr/src/netexec
 
-RUN apt-get update && \
-    apt-get install -y libffi-dev libxml2-dev libxslt-dev libssl-dev openssl autoconf g++ python3-dev curl git
-RUN apt-get update
-# Get Rust
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
-# Add .cargo/bin to PATH
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        libffi-dev \
+        libxml2-dev \
+        libxslt-dev \
+        libssl-dev \
+        openssl \
+        autoconf \
+        g++ \
+        python3-dev \
+        curl \
+        git \
+        unzip \
+    && apt clean && rm -rf /var/lib/apt/lists/*
+
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain stable
 ENV PATH="/root/.cargo/bin:${PATH}"
-# Check cargo is visible
-RUN cargo --help
 
-COPY . .
-RUN pip install .
+RUN git clone https://github.com/Pennyw0rth/NetExec.git . \
+    && pip install .
+
+FROM python:3.13-slim-bookworm
+
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+ENV PIP_NO_CACHE_DIR=off
+
+WORKDIR /usr/src/netexec
+
+COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        openssl \
+    && apt clean && rm -rf /var/lib/apt/lists/*
 
-ENTRYPOINT [ "nxc" ]
+ENTRYPOINT ["nxc"]

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2023, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
+Copyright (c) 2025, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
 Copyright (c) 2022, byt3bl33d3r
 All rights reserved.
 

README.md

@@ -1,4 +1,4 @@
-![Supported Python versions](https://img.shields.io/badge/python-3.8+-blue.svg)
+![Supported Python versions](https://img.shields.io/badge/python-3.10+-blue.svg)
 [![Twitter](https://img.shields.io/twitter/follow/al3xn3ff?label=al3x_n3ff&style=social)](https://twitter.com/intent/follow?screen_name=al3x_n3ff)
 [![Twitter](https://img.shields.io/twitter/follow/_zblurx?label=_zblurx&style=social)](https://twitter.com/intent/follow?screen_name=_zblurx)
 [![Twitter](https://img.shields.io/twitter/follow/MJHallenbeck?label=MJHallenbeck&style=social)](https://twitter.com/intent/follow?screen_name=MJHallenbeck)
@@ -63,3 +63,5 @@ Awesome code contributors of NetExec:
 [![](https://github.com/NeffIsBack.png?size=50)](https://github.com/NeffIsBack)
 [![](https://github.com/Hackndo.png?size=50)](https://github.com/Hackndo)
 [![](https://github.com/XiaoliChan.png?size=50)](https://github.com/XiaoliChan)
+[![](https://github.com/termanix.png?size=50)](https://github.com/termanix)
+[![](https://github.com/Dfte.png?size=50)](https://github.com/Dfte)

netexec.spec

@@ -20,17 +20,20 @@ a = Analysis(
         'aardwolf.commons.target',
         'aardwolf.protocol.x224.constants',
         'impacket.examples.secretsdump',
+        'impacket.examples.regsecrets',
         'impacket.dcerpc.v5.lsat',
         'impacket.dcerpc.v5.transport',
         'impacket.dcerpc.v5.lsad',
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
+        'impacket.dcerpc.v5.even',
+        'impacket.dcerpc.v5.even6',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
         'impacket.ldap.ldap',
+        'jwt',
         'nxc.connection',
-        'nxc.servers.smb',
         'nxc.protocols.smb.wmiexec',
         'nxc.protocols.smb.atexec',
         'nxc.protocols.smb.smbexec',
@@ -41,13 +44,14 @@ a = Analysis(
         'nxc.parsers.ldap_results',
         'nxc.helpers.bash',
         'nxc.helpers.bloodhound',
+        'nxc.helpers.even6_parser',
         'nxc.helpers.msada_guids',
         'nxc.helpers.ntlm_parser',
         'paramiko',
         'pypsrp.client',
-        'pywerview.cli.helpers',
         'pylnk3',
         'pypykatz',
+        'pyNfsClient',
         'masky',
         'msldap',
         'msldap.connection',
@@ -69,6 +73,7 @@ a = Analysis(
         'dploot.triage.masterkeys',
         'dploot.triage.mobaxterm',
         'dploot.triage.backupkey',
+        'dploot.triage.wam',
         'dploot.triage.wifi',
         'dploot.triage.sccm',
         'dploot.lib.target',