blacklanternsecurity
diff --git a/‎.github/workflows/build-binaries.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-binaries.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/build-zipapps.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-zipapps.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/lint.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/lint.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/test.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 0 deletions b/‎README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎nxc/cli.py‎
Lines changed: 2 additions & 3 deletions b/‎nxc/cli.py‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎nxc/connection.py‎
Lines changed: 7 additions & 6 deletions b/‎nxc/connection.py‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎nxc/logger.py‎
Lines changed: 9 additions & 8 deletions b/‎nxc/logger.py‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎nxc/modules/enum_av.py‎
Lines changed: 21 additions & 0 deletions b/‎nxc/modules/enum_av.py‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎nxc/modules/handlekatz.py‎
Lines changed: 1 addition & 1 deletion b/‎nxc/modules/handlekatz.py‎
Lines changed: 1 addition & 1 deletion
@@ -13,9 +13,9 @@ jobs:
         python-version: ["3.11"]
         #python-version: ["3.8", "3.9", "3.10", "3.11"] # for binary builds we only need one version
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Build Native Binary
 
@@ -12,9 +12,9 @@ jobs:
         os: [ubuntu-latest, macOS-latest, windows-latest]
         python-version: ["3.8", "3.9", "3.10", "3.11"]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Build Python ZipApp with Shiv
 
@@ -3,6 +3,7 @@ name: Lint Python code with ruff
 
 on:
   push:
+  workflow_dispatch:
 
 jobs:
   lint:
@@ -11,12 +12,12 @@ jobs:
       github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
           cache: poetry
 
@@ -16,12 +16,12 @@ jobs:
         os: [ubuntu-latest]
         python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
       - name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           cache: poetry
 
@@ -43,6 +43,11 @@ sudo apt install pipx git
 pipx ensurepath
 pipx install git+https://github.com/Pennyw0rth/NetExec
 ```
+
+## Availability on Unix distributions
+
+[![Packaging status](https://repology.org/badge/vertical-allrepos/netexec.svg)](https://repology.org/project/netexec/versions)
+
 # Development
 Development guidelines and recommendations in development
 
 
@@ -27,6 +27,7 @@ def gen_cli_args():
 
     generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
+    generic_group.add_argument("--version", action="store_true", help="Display nxc version")
     generic_group.add_argument("-t", "--threads", type=int, dest="threads", default=256, help="set how many concurrent threads to use")
     generic_group.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread")
     generic_group.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication")
@@ -69,8 +70,6 @@ def gen_cli_args():
         parents=[generic_parser, output_parser, dns_parser]
     )
 
-    parser.add_argument("--version", action="store_true", help="Display nxc version")
-
     # we do module arg parsing here so we can reference the module_list attribute below
     module_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     mgroup = module_parser.add_argument_group("Modules", "Options for nxc modules")
@@ -82,7 +81,7 @@ def gen_cli_args():
     subparsers = parser.add_subparsers(title="Available Protocols", dest="protocol")
 
     std_parser = argparse.ArgumentParser(add_help=False, parents=[generic_parser, output_parser, dns_parser], formatter_class=DisplayDefaultsNotNone)
-    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
+    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options or generic_parser.parse_known_args()[0].version) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
     credential_group = std_parser.add_argument_group("Authentication", "Options for authenticating")
     credential_group.add_argument("-u", "--username", metavar="USERNAME", dest="username", nargs="+", default=[], help="username(s) or file(s) containing usernames")
     credential_group.add_argument("-p", "--password", metavar="PASSWORD", dest="password", nargs="+", default=[], help="password(s) or file(s) containing passwords")
 
@@ -134,7 +134,7 @@ def __init__(self, args, db, target):
         # Authentication info
         self.password = ""
         self.username = ""
-        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey)
+        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
         self.admin_privs = False
@@ -157,7 +157,7 @@ def __init__(self, args, db, target):
         else:
             return
 
-        if self.args.kerberos:
+        if self.kerberos:
             self.host = self.hostname
 
         self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, kerberos={self.kerberos}, ipv6={self.is_ipv6}, link-local ipv6={self.is_link_local_ipv6}")
@@ -167,6 +167,9 @@ def __init__(self, args, db, target):
         except Exception as e:
             if "ERROR_DEPENDENT_SERVICES_RUNNING" in str(e):
                 self.logger.error(f"Exception while calling proto_flow() on target {target}: {e}")
+            # Catching impacket SMB specific exceptions, which should not be imported due to performance reasons
+            elif e.__class__.__name__ in ["NetBIOSTimeout", "NetBIOSError"]:
+                self.logger.error(f"{e.__class__.__name__} on target {target}: {e}")
             else:
                 self.logger.exception(f"Exception while calling proto_flow() on target {target}: {e}")
         finally:
@@ -470,8 +473,6 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
             return False
         if self.args.continue_on_success and owned:
             return False
-        if hasattr(self.args, "delegate") and self.args.delegate:
-            self.args.kerberos = True
 
         if self.args.jitter:
             jitter = self.args.jitter
@@ -486,7 +487,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
 
         with sem:
             if cred_type == "plaintext":
-                if self.args.kerberos:
+                if self.kerberos:
                     self.logger.debug("Trying to authenticate using Kerberos")
                     return self.kerberos_login(domain, username, secret, "", "", self.kdcHost, False)
                 elif hasattr(self.args, "domain"):  # Some protocols don't use domain for login
@@ -499,7 +500,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
                     self.logger.debug("Trying to authenticate using plaintext")
                     return self.plaintext_login(username, secret)
             elif cred_type == "hash":
-                if self.args.kerberos:
+                if self.kerberos:
                     return self.kerberos_login(domain, username, "", secret, "", self.kdcHost, False)
                 return self.hash_login(domain, username, secret)
             elif cred_type == "aesKey":
 
@@ -5,6 +5,7 @@
 import sys
 import re
 from nxc.console import nxc_console
+from nxc.paths import NXC_PATH
 from termcolor import colored
 from datetime import datetime
 from rich.text import Text
@@ -30,7 +31,7 @@ def setup_debug_logging():
         root_logger.setLevel(logging.INFO)
     elif debug_args.debug:
         nxc_logger.logger.setLevel(logging.DEBUG)
-        root_logger.setLevel(logging.INFO)
+        root_logger.setLevel(logging.DEBUG)
     else:
         nxc_logger.logger.setLevel(logging.ERROR)
         root_logger.setLevel(logging.ERROR)
@@ -163,15 +164,16 @@ def log_console_to_file(self, text, *args, **kwargs):
         If debug or info logging is not enabled, we still want display/success/fail logged to the file specified,
         so we create a custom LogRecord and pass it to all the additional handlers (which will be all the file handlers)
         """
-        if self.logger.getEffectiveLevel() >= logging.INFO and len(self.logger.handlers):  # will be 0 if it's just the console output, so only do this if we actually have file loggers
+        caller_frame = inspect.currentframe().f_back.f_back.f_back
+        if len(self.logger.handlers):  # will be 0 if it's just the console output, so only do this if we actually have file loggers
             try:
                 for handler in self.logger.handlers:
-                    handler.handle(LogRecord("nxc", 20, "", kwargs, msg=text, args=args, exc_info=None))
+                    handler.handle(LogRecord("nxc", 20, pathname=caller_frame.f_code.co_filename, lineno=caller_frame.f_lineno, msg=text, args=args, exc_info=None))
             except Exception as e:
                 self.logger.fail(f"Issue while trying to custom print handler: {e}")
 
     def add_file_log(self, log_file=None):
-        file_formatter = TermEscapeCodeFormatter("%(asctime)s - %(levelname)s - %(message)s")
+        file_formatter = TermEscapeCodeFormatter("%(asctime)s | %(filename)s:%(lineno)s - %(levelname)s - %(message)s", datefmt="%Y-%m-%d %H:%M:%S")
         output_file = self.init_log_file() if log_file is None else log_file
         file_creation = False
 
@@ -193,11 +195,10 @@ def add_file_log(self, log_file=None):
 
     @staticmethod
     def init_log_file():
-        newpath = os.path.expanduser("~/.nxc") + "/logs/" + datetime.now().strftime("%Y-%m-%d")
-        if not os.path.exists(newpath):
-            os.makedirs(newpath)
+        newpath = NXC_PATH + "/logs/" + datetime.now().strftime("%Y-%m-%d")
+        os.makedirs(newpath, exist_ok=True)
         return os.path.join(
-            os.path.expanduser("~/.nxc"),
+            NXC_PATH,
             "logs",
             datetime.now().strftime("%Y-%m-%d"),
             f"log_{datetime.now().strftime('%Y-%m-%d-%H-%M-%S')}.log",
 
@@ -358,6 +358,27 @@ def LsarLookupNames(self, dce, policyHandle, service):
                 {"name": "sophoslivequery_*", "processes": [""]}
             ]
         },
+        {
+            "name": "Trellix Endpoint Detection and Response (EDR)",
+            "services": [
+                {"name": "McAfee Endpoint Security Platform Service", "description": "Trellix Core Service"},
+                {"name": "mfemactl", "description": "Trellix Management Service"},
+                {"name": "mfemms", "description": "McAfee Management Service"},
+                {"name": "mfefire", "description": "Trellix Firewall Core Service"},
+                {"name": "masvc", "description": "Trellix Agent Service"},
+                {"name": "macmnsvc", "description": "Trellix Agent Common Service"},
+                {"name": "mfetp", "description": "Trellix Endpoint Threat Prevention Service"},
+                {"name": "mfewc", "description": "Trellix Endpoint Security Web Control Service"}, 
+                {"name": "mfeaack", "description": "Trellix Anti-Malware Core Service"}
+            ],
+            "pipes": [
+                {"name": "TrellixEDR_Pipe_*", "processes": ["McAfeeEDR.exe"]},
+                {"name": "mfemactl_*", "processes": ["mfemactl.exe"]},
+                {"name": "mfefire_*", "processes": ["mfefire.exe"]},
+                {"name": "McAfeeAgent_Pipe_*", "processes": ["McAfeeAgent.exe"]},
+                {"name": "mfetp_*", "processes": ["mfetp.exe"]}
+            ]
+        },
         {
             "name": "Trend Micro Endpoint Security",
             "services": [
 
@@ -7,7 +7,7 @@
 import sys
 
 from nxc.helpers.bloodhound import add_user_bh
-import pypykatz
+from pypykatz.pypykatz import pypykatz
 
 
 class NXCModule: