feat(options): change how args are parsed and passed, allowing --debug, etc to be used anywhere

Author: Marshall-Hallenbeck

nxc/cli.py

@@ -23,8 +23,22 @@ def gen_cli_args():
         COMMIT = ""
     CODENAME = "nxc4u"
     nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT}")
-
-    parser = argparse.ArgumentParser(description=rf"""
+    
+    generic_parser = argparse.ArgumentParser(add_help=False)
+    generic_group = generic_parser.add_argument_group("Generic Options", "Generic options for nxc across protocols")
+    generic_group.add_argument("-t", "--threads", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
+    generic_group.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
+    generic_group.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication (default: None)")
+    
+    output_parser = argparse.ArgumentParser(add_help=False)
+    output_group = output_parser.add_argument_group("Output Options", "Options to set verbosity levels and control output")
+    output_group.add_argument("--verbose", action="store_true", help="enable verbose output")
+    output_group.add_argument("--debug", action="store_true", help="enable debug level information")
+    output_group.add_argument("--no-progress", action="store_true", help="do not displaying progress bar during scan")
+    output_group.add_argument("--log", metavar="LOG", help="export result into a custom file")
+    
+    parser = argparse.ArgumentParser(
+        description=rf"""
      .   .
     .|   |.     _   _          _     _____
     ||   ||    | \ | |   ___  | |_  | ____| __  __   ___    ___
@@ -42,14 +56,11 @@ def gen_cli_args():
     {highlight('Version', 'red')} : {highlight(VERSION)}
     {highlight('Codename', 'red')}: {highlight(CODENAME)}
     {highlight('Commit', 'red')}  : {highlight(COMMIT)}
-    """, formatter_class=RawTextHelpFormatter)
-
-    parser.add_argument("-t", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
-    parser.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
-    parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication (default: None)")
-    parser.add_argument("--no-progress", action="store_true", help="Not displaying progress bar during scan")
-    parser.add_argument("--verbose", action="store_true", help="enable verbose output")
-    parser.add_argument("--debug", action="store_true", help="enable debug level information")
+    """,
+        formatter_class=RawTextHelpFormatter,
+        parents=[generic_parser, output_parser]
+    )
+
     parser.add_argument("--version", action="store_true", help="Display nxc version")
 
     # we do module arg parsing here so we can reference the module_list attribute below
@@ -64,9 +75,9 @@ def gen_cli_args():
     module_parser.add_argument("--server-port", metavar="PORT", type=int, help="start the server on the specified port")
     module_parser.add_argument("--connectback-host", type=str, metavar="CHOST", help="IP for the remote system to connect back to (default: same as server-host)")
 
-    subparsers = parser.add_subparsers(title="protocols", dest="protocol", description="available protocols")
+    subparsers = parser.add_subparsers(title="Available Protocols", dest="protocol")
 
-    std_parser = argparse.ArgumentParser(add_help=False)
+    std_parser = argparse.ArgumentParser(add_help=False, parents=[generic_parser, output_parser])
     std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
     std_parser.add_argument("-id", metavar="CRED_ID", nargs="+", default=[], type=str, dest="cred_id", help="database credential ID(s) to use for authentication")
     std_parser.add_argument("-u", metavar="USERNAME", dest="username", nargs="+", default=[], help="username(s) or file(s) containing usernames")
@@ -76,7 +87,6 @@ def gen_cli_args():
     std_parser.add_argument("--no-bruteforce", action="store_true", help="No spray when using file for username and password (user1 => password1, user2 => password2")
     std_parser.add_argument("--continue-on-success", action="store_true", help="continues authentication attempts even after successes")
     std_parser.add_argument("--use-kcache", action="store_true", help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
-    std_parser.add_argument("--log", metavar="LOG", help="Export result into a custom file")
     std_parser.add_argument("--aesKey", metavar="AESKEY", nargs="+", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
     std_parser.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")
 
@@ -91,7 +101,7 @@ def gen_cli_args():
     try:
         for protocol in protocols:
             protocol_object = p_loader.load_protocol(protocols[protocol]["argspath"])
-            subparsers = protocol_object.proto_args(subparsers, std_parser, module_parser)
+            subparsers = protocol_object.proto_args(subparsers, [std_parser, module_parser])
     except Exception as e:
         nxc_logger.exception(f"Error loading proto_args from proto_args.py file in protocol folder: {protocol} - {e}")
 

nxc/protocols/ftp/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    ftp_parser = parser.add_parser("ftp", help="own stuff using FTP", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    ftp_parser = parser.add_parser("ftp", help="own stuff using FTP", parents=parents)
     ftp_parser.add_argument("--port", type=int, default=21, help="FTP port (default: 21)")
 
     cgroup = ftp_parser.add_argument_group("FTP Access", "Options for enumerating your access")

nxc/protocols/ldap/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    ldap_parser = parser.add_parser("ldap", help="own stuff using LDAP", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    ldap_parser = parser.add_parser("ldap", help="own stuff using LDAP", parents=parents)
     ldap_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     ldap_parser.add_argument("--port", type=int, choices={389, 636}, default=389, help="LDAP port (default: 389)")
     ldap_parser.add_argument("--no-smb", action="store_true", help="No smb connection")

nxc/protocols/mssql/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    mssql_parser = parser.add_parser("mssql", help="own stuff using MSSQL", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    mssql_parser = parser.add_parser("mssql", help="own stuff using MSSQL", parents=parents)
     mssql_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     mssql_parser.add_argument("--port", default=1433, type=int, metavar="PORT", help="MSSQL port (default: 1433)")
     mssql_parser.add_argument("--mssql-timeout", help="SQL server connection timeout, default is %(default)s seconds", type=int, default=5)

nxc/protocols/rdp/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    rdp_parser = parser.add_parser("rdp", help="own stuff using RDP", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    rdp_parser = parser.add_parser("rdp", help="own stuff using RDP", parents=parents)
     rdp_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     rdp_parser.add_argument("--port", type=int, default=3389, help="Custom RDP port")
     rdp_parser.add_argument("--rdp-timeout", type=int, default=5, help="RDP timeout on socket connection, defalut is %(default)ss")

nxc/protocols/smb/proto_args.py

@@ -1,8 +1,8 @@
 from argparse import _StoreTrueAction
 
 
-def proto_args(parser, std_parser, module_parser):
-    smb_parser = parser.add_parser("smb", help="own stuff using SMB", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    smb_parser = parser.add_parser("smb", help="own stuff using SMB", parents=parents)
     smb_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     delegate_arg = smb_parser.add_argument("--delegate", action="store", help="Impersonate user with S4U2Self + S4U2Proxy")
     self_delegate_arg = smb_parser.add_argument("--self", dest="no_s4u2proxy", action=get_conditional_action(_StoreTrueAction), make_required=[], help="Only do S4U2Self, no S4U2Proxy (use with delegate)")
@@ -22,12 +22,10 @@ def proto_args(parser, std_parser, module_parser):
     cgroup.add_argument("--lsa", action="store_true", help="dump LSA secrets from target systems")
     cgroup.add_argument("--ntds", choices={"vss", "drsuapi"}, nargs="?", const="drsuapi", help="dump the NTDS.dit from target DCs using the specifed method\n(default: drsuapi)")
     cgroup.add_argument("--dpapi", choices={"cookies", "nosystem"}, nargs="*", help='dump DPAPI secrets from target systems, can dump cookies if you add "cookies", will not dump SYSTEM dpapi if you add nosystem\n')
-
-    ngroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
-    ngroup.add_argument("--mkfile", action="store", help="DPAPI option. File with masterkeys in form of {GUID}:SHA1")
-    ngroup.add_argument("--pvk", action="store", help="DPAPI option. File with domain backupkey")
-    ngroup.add_argument("--enabled", action="store_true", help="Only dump enabled targets from DC")
-    ngroup.add_argument("--user", dest="userntds", type=str, help="Dump selected user from DC")
+    cgroup.add_argument("--mkfile", action="store", help="DPAPI option. File with masterkeys in form of {GUID}:SHA1")
+    cgroup.add_argument("--pvk", action="store", help="DPAPI option. File with domain backupkey")
+    cgroup.add_argument("--enabled", action="store_true", help="Only dump enabled targets from DC")
+    cgroup.add_argument("--user", dest="userntds", type=str, help="Dump selected user from DC")
 
     egroup = smb_parser.add_argument_group("Mapping/Enumeration", "Options for Mapping/Enumerating")
     egroup.add_argument("--shares", action="store_true", help="enumerate shares and access")
@@ -63,16 +61,18 @@ def proto_args(parser, std_parser, module_parser):
     tgroup.add_argument("--get-file", action="append", nargs=2, metavar="FILE", help="Get a remote file, ex: \\\\Windows\\\\Temp\\\\whoami.txt whoami.txt")
     tgroup.add_argument("--append-host", action="store_true", help="append the host to the get-file filename")
 
-    cgroup = smb_parser.add_argument_group("Command Execution", "Options for executing commands")
-    cgroup.add_argument("--exec-method", choices={"wmiexec", "mmcexec", "smbexec", "atexec"}, default=None, help="method to execute the command. Ignored if in MSSQL mode (default: wmiexec)")
-    cgroup.add_argument("--dcom-timeout", help="DCOM connection timeout, default is 5 secondes", type=int, default=5)
-    cgroup.add_argument("--get-output-tries", help="Number of times atexec/smbexec/mmcexec tries to get results, default is 5", type=int, default=5)
-    cgroup.add_argument("--codec", default="utf-8", help="Set encoding used (codec) from the target's output (default: utf-8). If errors are detected, run chcp.com at the target & map the result with https://docs.python.org/3/library/codecs.html#standard-encodings and then execute again with --codec and the corresponding codec")
-    cgroup.add_argument("--force-ps32", action="store_true", help="force the PowerShell command to run in a 32-bit process")
-    cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
-    cegroup = cgroup.add_mutually_exclusive_group()
-    cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified CMD command")
-    cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
+    cegroup = smb_parser.add_argument_group("Command Execution", "Options for executing commands")
+    cegroup.add_argument("--exec-method", choices={"wmiexec", "mmcexec", "smbexec", "atexec"}, default=None, help="method to execute the command. Ignored if in MSSQL mode (default: wmiexec)")
+    cegroup.add_argument("--dcom-timeout", help="DCOM connection timeout, default is 5 secondes", type=int, default=5)
+    cegroup.add_argument("--get-output-tries", help="Number of times atexec/smbexec/mmcexec tries to get results, default is 5", type=int, default=5)
+    cegroup.add_argument("--codec", default="utf-8", help="Set encoding used (codec) from the target's output (default: utf-8). If errors are detected, run chcp.com at the target & map the result with https://docs.python.org/3/library/codecs.html#standard-encodings and then execute again with --codec and the corresponding codec")
+    cegroup.add_argument("--force-ps32", action="store_true", help="force the PowerShell command to run in a 32-bit process")
+    cegroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
+    # command execution method
+    cemgroup = cgroup.add_mutually_exclusive_group()
+    cemgroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified CMD command")
+    cemgroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
+    
     psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation")
     psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts")
     psgroup.add_argument("--amsi-bypass", nargs=1, metavar="FILE", help="File with a custom AMSI bypass")

nxc/protocols/ssh/proto_args.py

@@ -1,7 +1,7 @@
 from argparse import _StoreAction
 
-def proto_args(parser, std_parser, module_parser):
-    ssh_parser = parser.add_parser("ssh", help="own stuff using SSH", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    ssh_parser = parser.add_parser("ssh", help="own stuff using SSH", parents=parents)
     ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key. Treats the password parameter as the key's passphrase.")
     ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
     ssh_parser.add_argument("--ssh-timeout", help="SSH connection timeout, default is %(default)s secondes", type=int, default=15)

nxc/protocols/vnc/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    vnc_parser = parser.add_parser("vnc", help="own stuff using VNC", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    vnc_parser = parser.add_parser("vnc", help="own stuff using VNC", parents=parents)
     vnc_parser.add_argument("--port", type=int, default=5900, help="Custom VNC port")
     vnc_parser.add_argument("--vnc-sleep", type=int, default=5, help="VNC Sleep on socket connection to avoid rate limit")
 

nxc/protocols/winrm/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    winrm_parser = parser.add_parser("winrm", help="own stuff using WINRM", parents=[std_parser, module_parser])
+def proto_args(parser, parents):
+    winrm_parser = parser.add_parser("winrm", help="own stuff using WINRM", parents=parents)
     winrm_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     winrm_parser.add_argument("--port", nargs="+", default=["5985", "5986"], help="Custom WinRM port, default is %(default)s, format: 'http-port https-port'(with space separated) or 'single-port'"
                               "(http & https will use same port when given single port)")

nxc/protocols/wmi/proto_args.py

@@ -1,5 +1,5 @@
-def proto_args(parser, std_parser, module_parser):
-    wmi_parser = parser.add_parser("wmi", help="own stuff using WMI", parents=[std_parser, module_parser], conflict_handler="resolve")
+def proto_args(parser, parents):
+    wmi_parser = parser.add_parser("wmi", help="own stuff using WMI", conflict_handler="resolve", parents=parents)
     wmi_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
     wmi_parser.add_argument("--port", type=int, choices={135}, default=135, help="WMI port (default: 135)")
     wmi_parser.add_argument("--rpc-timeout", help="RPC/DCOM(WMI) connection timeout, default is %(default)s seconds", type=int, default=2)