Merge branch 'main' into timeroast_module

Author: NeffIsBack

…EQUEST_TEMPLATE/pull_request_template.md .github/PULL_REQUEST_TEMPLATE.md.github/PULL_REQUEST_TEMPLATE/pull_request_template.md renamed to .github/PULL_REQUEST_TEMPLATE.md .github/PULL_REQUEST_TEMPLATE/pull_request_template.md renamed to .github/PULL_REQUEST_TEMPLATE.md

@@ -1,11 +1,3 @@
----
-name: Pull request
-about: Update code to fix a bug or add an enhancement/feature
-title: ''
-labels: ''
-assignees: ''
-
----
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.

.github/workflows/build-binaries.yml

@@ -10,12 +10,12 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.11"]
+        python-version: ["3.12"]
         #python-version: ["3.8", "3.9", "3.10", "3.11"] # for binary builds we only need one version
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Build Native Binary
@@ -25,13 +25,13 @@ jobs:
         pyinstaller netexec.spec
     - name: Upload Windows Binary
       if: runner.os == 'windows'
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc.exe
         path: dist/nxc.exe
     - name: Upload Nix/OSx Binary
       if: runner.os != 'windows'
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc-${{ matrix.os }}
         path: dist/nxc

.github/workflows/build-zipapps.yml

@@ -10,24 +10,24 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.10", "3.11", "3.12"]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Build Python ZipApp with Shiv
       run: |
         pip install shiv
         python build_collector.py
     - name: Upload nxc ZipApp
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxc-zipapp-${{ matrix.os }}-${{ matrix.python-version }}
         path: bin/nxc
     - name: Upload nxcdb ZipApp
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: nxcdb-zipapp-${{ matrix.os }}-${{ matrix.python-version }}
         path: bin/nxcdb

.github/workflows/lint.yml

@@ -3,6 +3,7 @@ name: Lint Python code with ruff
 
 on:
   push:
+  workflow_dispatch:
 
 jobs:
   lint:
@@ -11,14 +12,14 @@ jobs:
       github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.11
+          python-version: 3.12
           cache: poetry
           cache-dependency-path: poetry.lock
       - name: Install dependencies with dev group

.github/workflows/test.yml

@@ -14,14 +14,14 @@ jobs:
       max-parallel: 5
       matrix:
         os: [ubuntu-latest]
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
       - name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           cache: poetry

README.md

@@ -1,4 +1,4 @@
-![Supported Python versions](https://img.shields.io/badge/python-3.8+-blue.svg)
+![Supported Python versions](https://img.shields.io/badge/python-3.10+-blue.svg)
 [![Twitter](https://img.shields.io/twitter/follow/al3xn3ff?label=al3x_n3ff&style=social)](https://twitter.com/intent/follow?screen_name=al3x_n3ff)
 [![Twitter](https://img.shields.io/twitter/follow/_zblurx?label=_zblurx&style=social)](https://twitter.com/intent/follow?screen_name=_zblurx)
 [![Twitter](https://img.shields.io/twitter/follow/MJHallenbeck?label=MJHallenbeck&style=social)](https://twitter.com/intent/follow?screen_name=MJHallenbeck)
@@ -43,6 +43,11 @@ sudo apt install pipx git
 pipx ensurepath
 pipx install git+https://github.com/Pennyw0rth/NetExec
 ```
+
+## Availability on Unix distributions
+
+[![Packaging status](https://repology.org/badge/vertical-allrepos/netexec.svg)](https://repology.org/project/netexec/versions)
+
 # Development
 Development guidelines and recommendations in development
 

netexec.spec

@@ -25,6 +25,7 @@ a = Analysis(
         'impacket.dcerpc.v5.lsad',
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
+        'impacket.dcerpc.v5.even',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
@@ -48,6 +49,7 @@ a = Analysis(
         'pywerview.cli.helpers',
         'pylnk3',
         'pypykatz',
+        'pyNfsClient',
         'masky',
         'msldap',
         'msldap.connection',
@@ -67,8 +69,10 @@ a = Analysis(
         'dploot.triage.browser',
         'dploot.triage.credentials',
         'dploot.triage.masterkeys',
+        'dploot.triage.mobaxterm',
         'dploot.triage.backupkey',
         'dploot.triage.wifi',
+        'dploot.triage.sccm',
         'dploot.lib.target',
         'dploot.lib.smb',
         'pyasn1_modules.rfc5652',

nxc/cli.py

@@ -9,6 +9,7 @@
 from nxc.paths import NXC_PATH
 from nxc.loaders.protocolloader import ProtocolLoader
 from nxc.helpers.logger import highlight
+from nxc.helpers.args import DisplayDefaultsNotNone
 from nxc.logger import nxc_logger, setup_debug_logging
 import importlib.metadata
 
@@ -21,10 +22,32 @@ def gen_cli_args():
     except ValueError:
         VERSION = importlib.metadata.version("netexec")
         COMMIT = ""
-    CODENAME = "nxc4u"
+    CODENAME = "NeedForSpeed"
     nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT}")
-
-    parser = argparse.ArgumentParser(description=rf"""
+    
+    generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
+    generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
+    generic_group.add_argument("--version", action="store_true", help="Display nxc version")
+    generic_group.add_argument("-t", "--threads", type=int, dest="threads", default=256, help="set how many concurrent threads to use")
+    generic_group.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread")
+    generic_group.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication")
+    
+    output_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
+    output_group = output_parser.add_argument_group("Output", "Options to set verbosity levels and control output")
+    output_group.add_argument("--verbose", action="store_true", help="enable verbose output")
+    output_group.add_argument("--debug", action="store_true", help="enable debug level information")
+    output_group.add_argument("--no-progress", action="store_true", help="do not displaying progress bar during scan")
+    output_group.add_argument("--log", metavar="LOG", help="export result into a custom file")
+    
+    dns_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
+    dns_group = dns_parser.add_argument_group("DNS")
+    dns_group.add_argument("-6", dest="force_ipv6", action="store_true", help="Enable force IPv6")
+    dns_group.add_argument("--dns-server", action="store", help="Specify DNS server (default: Use hosts file & System DNS)")
+    dns_group.add_argument("--dns-tcp", action="store_true", help="Use TCP instead of UDP for DNS queries")
+    dns_group.add_argument("--dns-timeout", action="store", type=int, default=3, help="DNS query timeout in seconds")
+    
+    parser = argparse.ArgumentParser(
+        description=rf"""
      .   .
     .|   |.     _   _          _     _____
     ||   ||    | \ | |   ___  | |_  | ____| __  __   ___    ___
@@ -42,62 +65,53 @@ def gen_cli_args():
     {highlight('Version', 'red')} : {highlight(VERSION)}
     {highlight('Codename', 'red')}: {highlight(CODENAME)}
     {highlight('Commit', 'red')}  : {highlight(COMMIT)}
-    """, formatter_class=RawTextHelpFormatter)
-
-    parser.add_argument("-t", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
-    parser.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
-    parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication (default: None)")
-    parser.add_argument("--no-progress", action="store_true", help="Not displaying progress bar during scan")
-    parser.add_argument("--verbose", action="store_true", help="enable verbose output")
-    parser.add_argument("--debug", action="store_true", help="enable debug level information")
-    parser.add_argument("--version", action="store_true", help="Display nxc version")
-
-    dns_parser = parser.add_argument_group("DNS")
-    dns_parser.add_argument("-6", dest="force_ipv6", action="store_true", help="Enable force IPv6")
-    dns_parser.add_argument("--dns-server", action="store", help="Specify DNS server (default: Use hosts file & System DNS)")
-    dns_parser.add_argument("--dns-tcp", action="store_true", help="Use TCP instead of UDP for DNS queries")
-    dns_parser.add_argument("--dns-timeout", action="store", type=int, default=3, help="DNS query timeout in seconds (default: %(default)s)")
+    """,
+        formatter_class=RawTextHelpFormatter,
+        parents=[generic_parser, output_parser, dns_parser]
+    )
 
     # we do module arg parsing here so we can reference the module_list attribute below
-    module_parser = argparse.ArgumentParser(add_help=False)
-    mgroup = module_parser.add_mutually_exclusive_group()
+    module_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
+    mgroup = module_parser.add_argument_group("Modules", "Options for nxc modules")
     mgroup.add_argument("-M", "--module", choices=get_module_names(), action="append", metavar="MODULE", help="module to use")
-    module_parser.add_argument("-o", metavar="MODULE_OPTION", nargs="+", default=[], dest="module_options", help="module options")
-    module_parser.add_argument("-L", "--list-modules", action="store_true", help="list available modules")
-    module_parser.add_argument("--options", dest="show_module_options", action="store_true", help="display module options")
-    module_parser.add_argument("--server", choices={"http", "https"}, default="https", help="use the selected server (default: https)")
-    module_parser.add_argument("--server-host", type=str, default="0.0.0.0", metavar="HOST", help="IP to bind the server to (default: 0.0.0.0)")
-    module_parser.add_argument("--server-port", metavar="PORT", type=int, help="start the server on the specified port")
-    module_parser.add_argument("--connectback-host", type=str, metavar="CHOST", help="IP for the remote system to connect back to (default: same as server-host)")
-
-    subparsers = parser.add_subparsers(title="protocols", dest="protocol", description="available protocols")
-
-    std_parser = argparse.ArgumentParser(add_help=False)
-    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
-    std_parser.add_argument("-id", metavar="CRED_ID", nargs="+", default=[], type=str, dest="cred_id", help="database credential ID(s) to use for authentication")
-    std_parser.add_argument("-u", metavar="USERNAME", dest="username", nargs="+", default=[], help="username(s) or file(s) containing usernames")
-    std_parser.add_argument("-p", metavar="PASSWORD", dest="password", nargs="+", default=[], help="password(s) or file(s) containing passwords")
-    std_parser.add_argument("--ignore-pw-decoding", action="store_true", help="Ignore non UTF-8 characters when decoding the password file")
-    std_parser.add_argument("-k", "--kerberos", action="store_true", help="Use Kerberos authentication")
-    std_parser.add_argument("--no-bruteforce", action="store_true", help="No spray when using file for username and password (user1 => password1, user2 => password2")
-    std_parser.add_argument("--continue-on-success", action="store_true", help="continues authentication attempts even after successes")
-    std_parser.add_argument("--use-kcache", action="store_true", help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
-    std_parser.add_argument("--log", metavar="LOG", help="Export result into a custom file")
-    std_parser.add_argument("--aesKey", metavar="AESKEY", nargs="+", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
-    std_parser.add_argument("--kdcHost", metavar="KDCHOST", help="IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")
-
-    fail_group = std_parser.add_mutually_exclusive_group()
-    fail_group.add_argument("--gfail-limit", metavar="LIMIT", type=int, help="max number of global failed login attempts")
-    fail_group.add_argument("--ufail-limit", metavar="LIMIT", type=int, help="max number of failed login attempts per username")
-    fail_group.add_argument("--fail-limit", metavar="LIMIT", type=int, help="max number of failed login attempts per host")
+    mgroup.add_argument("-o", metavar="MODULE_OPTION", nargs="+", default=[], dest="module_options", help="module options")
+    mgroup.add_argument("-L", "--list-modules", action="store_true", help="list available modules")
+    mgroup.add_argument("--options", dest="show_module_options", action="store_true", help="display module options")
+
+    subparsers = parser.add_subparsers(title="Available Protocols", dest="protocol")
+
+    std_parser = argparse.ArgumentParser(add_help=False, parents=[generic_parser, output_parser, dns_parser], formatter_class=DisplayDefaultsNotNone)
+    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options or generic_parser.parse_known_args()[0].version) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
+    credential_group = std_parser.add_argument_group("Authentication", "Options for authenticating")
+    credential_group.add_argument("-u", "--username", metavar="USERNAME", dest="username", nargs="+", default=[], help="username(s) or file(s) containing usernames")
+    credential_group.add_argument("-p", "--password", metavar="PASSWORD", dest="password", nargs="+", default=[], help="password(s) or file(s) containing passwords")
+    credential_group.add_argument("-id", metavar="CRED_ID", nargs="+", default=[], type=str, dest="cred_id", help="database credential ID(s) to use for authentication")
+    credential_group.add_argument("--ignore-pw-decoding", action="store_true", help="Ignore non UTF-8 characters when decoding the password file")
+    credential_group.add_argument("--no-bruteforce", action="store_true", help="No spray when using file for username and password (user1 => password1, user2 => password2)")
+    credential_group.add_argument("--continue-on-success", action="store_true", help="continues authentication attempts even after successes")
+    credential_group.add_argument("--gfail-limit", metavar="LIMIT", type=int, help="max number of global failed login attempts")
+    credential_group.add_argument("--ufail-limit", metavar="LIMIT", type=int, help="max number of failed login attempts per username")
+    credential_group.add_argument("--fail-limit", metavar="LIMIT", type=int, help="max number of failed login attempts per host")
+
+    kerberos_group = std_parser.add_argument_group("Kerberos", "Options for Kerberos authentication")
+    kerberos_group.add_argument("-k", "--kerberos", action="store_true", help="Use Kerberos authentication")
+    kerberos_group.add_argument("--use-kcache", action="store_true", help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
+    kerberos_group.add_argument("--aesKey", metavar="AESKEY", nargs="+", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
+    kerberos_group.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")
+    
+    server_group = std_parser.add_argument_group("Servers", "Options for nxc servers")
+    server_group.add_argument("--server", choices={"http", "https"}, default="https", help="use the selected server")
+    server_group.add_argument("--server-host", type=str, default="0.0.0.0", metavar="HOST", help="IP to bind the server to")
+    server_group.add_argument("--server-port", metavar="PORT", type=int, help="start the server on the specified port")
+    server_group.add_argument("--connectback-host", type=str, metavar="CHOST", help="IP for the remote system to connect back to")    
 
     p_loader = ProtocolLoader()
     protocols = p_loader.get_protocols()
 
     try:
         for protocol in protocols:
             protocol_object = p_loader.load_protocol(protocols[protocol]["argspath"])
-            subparsers = protocol_object.proto_args(subparsers, std_parser, module_parser)
+            subparsers = protocol_object.proto_args(subparsers, [std_parser, module_parser])
     except Exception as e:
         nxc_logger.exception(f"Error loading proto_args from proto_args.py file in protocol folder: {protocol} - {e}")
 
@@ -112,6 +126,10 @@ def gen_cli_args():
         print(f"{VERSION} - {CODENAME} - {COMMIT}")
         sys.exit(1)
 
+    # Multiply output_tries by 10 to enable more fine granural control, see exec methods
+    if hasattr(args, "get_output_tries"):
+        args.get_output_tries = args.get_output_tries * 10
+
     return args