blacklanternsecurity
diff --git a/‎nxc/cli.py‎
Lines changed: 2 additions & 2 deletions b/‎nxc/cli.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎nxc/helpers/misc.py‎
Lines changed: 21 additions & 1 deletion b/‎nxc/helpers/misc.py‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎nxc/loaders/moduleloader.py‎
Lines changed: 4 additions & 0 deletions b/‎nxc/loaders/moduleloader.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎nxc/modules/adcs.py‎
Lines changed: 2 additions & 0 deletions b/‎nxc/modules/adcs.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nxc/modules/add-computer.py‎
Lines changed: 2 additions & 0 deletions b/‎nxc/modules/add-computer.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nxc/modules/aws-credentials.py‎
Lines changed: 4 additions & 0 deletions b/‎nxc/modules/aws-credentials.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎nxc/modules/backup_operator.py‎
Lines changed: 2 additions & 0 deletions b/‎nxc/modules/backup_operator.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nxc/modules/badsuccessor.py‎
Lines changed: 16 additions & 21 deletions b/‎nxc/modules/badsuccessor.py‎
Lines changed: 16 additions & 21 deletions
diff --git a/‎nxc/modules/bitlocker.py‎
Lines changed: 2 additions & 0 deletions b/‎nxc/modules/bitlocker.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nxc/modules/change-password.py‎
Lines changed: 2 additions & 0 deletions b/‎nxc/modules/change-password.py‎
Lines changed: 2 additions & 0 deletions
@@ -76,13 +76,13 @@ def gen_cli_args():
     mgroup = module_parser.add_argument_group("Modules", "Options for nxc modules")
     mgroup.add_argument("-M", "--module", choices=get_module_names(), action="append", metavar="MODULE", help="module to use")
     mgroup.add_argument("-o", metavar="MODULE_OPTION", nargs="+", default=[], dest="module_options", help="module options")
-    mgroup.add_argument("-L", "--list-modules", action="store_true", help="list available modules")
+    mgroup.add_argument("-L", "--list-modules", nargs="?", type=str, const="", help="list available modules")
     mgroup.add_argument("--options", dest="show_module_options", action="store_true", help="display module options")
 
     subparsers = parser.add_subparsers(title="Available Protocols", dest="protocol")
 
     std_parser = argparse.ArgumentParser(add_help=False, parents=[generic_parser, output_parser, dns_parser], formatter_class=DisplayDefaultsNotNone)
-    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options or generic_parser.parse_known_args()[0].version) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
+    std_parser.add_argument("target", nargs="+" if not (module_parser.parse_known_args()[0].list_modules is not None or module_parser.parse_known_args()[0].show_module_options or generic_parser.parse_known_args()[0].version) else "*", type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
     credential_group = std_parser.add_argument_group("Authentication", "Options for authenticating")
     credential_group.add_argument("-u", "--username", metavar="USERNAME", dest="username", nargs="+", default=[], help="username(s) or file(s) containing usernames")
     credential_group.add_argument("-p", "--password", metavar="PASSWORD", dest="password", nargs="+", default=[], help="password(s) or file(s) containing passwords")
 
@@ -1,10 +1,12 @@
+from enum import Enum
 import random
 import string
 import re
 import inspect
 import os
-
+from termcolor import colored
 from ipaddress import ip_address
+from nxc.logger import nxc_logger
 from time import strftime, gmtime
 
 
@@ -222,3 +224,21 @@ def convert(low, high, lockout=False):
     elif minutes == 1:
         time += f"{minutes} minute "
     return time
+
+
+def display_modules(args, modules):
+    for category, color in {CATEGORY.ENUMERATION: "green", CATEGORY.CREDENTIAL_DUMPING: "cyan", CATEGORY.PRIVILEGE_ESCALATION: "magenta"}.items():
+        # Add category filter for module listing
+        if args.list_modules and args.list_modules.lower() != category.name.lower():
+            continue
+        if len([module for module in modules.values() if module["category"] == category]) > 0:
+            nxc_logger.highlight(colored(f"{category.name}", color, attrs=["bold"]))
+        for name, props in sorted(modules.items()):
+            if props["category"] == category:
+                nxc_logger.display(f"{name:<25} {props['description']}")
+
+
+class CATEGORY(Enum):
+    ENUMERATION = "Enumeration"
+    CREDENTIAL_DUMPING = "Credential Dumping"
+    PRIVILEGE_ESCALATION = "Privilege Escalation"
@@ -30,6 +30,9 @@ def module_is_sane(self, module, module_path):
         elif not hasattr(module, "description"):
             self.logger.fail(f"{module_path} missing the description variable")
             module_error = True
+        elif not hasattr(module, "category"):
+            self.logger.fail(f"{module_path} missing the category variable")
+            module_error = True
         elif not hasattr(module, "supported_protocols"):
             self.logger.fail(f"{module_path} missing the supported_protocols variable")
             module_error = True
@@ -92,6 +95,7 @@ def get_module_info(self, module_path):
                     "description": module_spec.description,
                     "options": module_spec.options.__doc__,
                     "supported_protocols": module_spec.supported_protocols,
+                    "category": module_spec.category,
                     "requires_admin": bool(hasattr(module_spec, "on_admin_login") and callable(module_spec.on_admin_login)),
                 }
             }
 
@@ -1,6 +1,7 @@
 import re
 from impacket.ldap import ldap, ldapasn1
 from impacket.ldap.ldap import LDAPSearchError
+from nxc.helpers.misc import CATEGORY
 
 
 class NXCModule:
@@ -13,6 +14,7 @@ class NXCModule:
     name = "adcs"
     description = "Find PKI Enrollment Services in Active Directory and Certificate Templates Names"
     supported_protocols = ["ldap"]
+    category = CATEGORY.ENUMERATION
 
     def __init__(self, context=None, module_options=None):
         self.context = context
 
@@ -3,6 +3,7 @@
 import sys
 from impacket.dcerpc.v5 import samr, epm, transport
 from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
+from nxc.helpers.misc import CATEGORY
 
 
 class NXCModule:
@@ -16,6 +17,7 @@ class NXCModule:
     name = "add-computer"
     description = "Adds or deletes a domain computer"
     supported_protocols = ["smb"]
+    category = CATEGORY.PRIVILEGE_ESCALATION
 
     def options(self, context, module_options):
         """
 
@@ -1,3 +1,6 @@
+from nxc.helpers.misc import CATEGORY
+
+
 class NXCModule:
     """
     Search for aws credentials files on linux and windows machines
@@ -8,6 +11,7 @@ class NXCModule:
     name = "aws-credentials"
     description = "Search for aws credentials files."
     supported_protocols = ["ssh", "smb", "winrm"]
+    category = CATEGORY.CREDENTIAL_DUMPING
 
     def __init__(self):
         self.search_path_linux = "'/home/' '/tmp/'"
 
@@ -6,13 +6,15 @@
 from impacket.smbconnection import SessionError
 from impacket.dcerpc.v5 import transport, rrp
 from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
+from nxc.helpers.misc import CATEGORY
 from nxc.paths import NXC_PATH
 
 
 class NXCModule:
     name = "backup_operator"
     description = "Exploit user in backup operator group to dump NTDS @mpgn_x64"
     supported_protocols = ["smb"]
+    category = CATEGORY.PRIVILEGE_ESCALATION
 
     def __init__(self, context=None, module_options=None):
         self.context = context
 
@@ -1,4 +1,5 @@
 from impacket.ldap import ldaptypes
+from nxc.helpers.misc import CATEGORY
 from nxc.parsers.ldap_results import parse_result_attributes
 from ldap3.protocol.microsoft import security_descriptor_control
 
@@ -79,6 +80,7 @@ class NXCModule:
     name = "badsuccessor"
     description = "Check if vulnerable to bad successor attack (DMSA)"
     supported_protocols = ["ldap"]
+    category = CATEGORY.ENUMERATION
 
     def __init__(self):
         self.context = None
@@ -92,19 +94,18 @@ def is_excluded_sid(self, sid, domain_sid):
             return True
         return any(sid.startswith(domain_sid) and sid.endswith(suffix) for suffix in EXCLUDED_SIDS_SUFFIXES)
 
-    def get_domain_sid(self, ldap_session, base_dn):
+    def get_domain_sid(self):
         """Retrieve the domain SID from the domain object in LDAP"""
-        r = ldap_session.search(
-            searchBase=base_dn,
+        r = self.connection.search(
             searchFilter="(objectClass=domain)",
             attributes=["objectSid"]
         )
         parsed = parse_result_attributes(r)
         if parsed and "objectSid" in parsed[0]:
             return parsed[0]["objectSid"]
 
-    def find_bad_successor_ous(self, ldap_session, entries, base_dn):
-        domain_sid = self.get_domain_sid(ldap_session, base_dn)
+    def find_bad_successor_ous(self, entries):
+        domain_sid = self.get_domain_sid()
         results = {}
         parsed = parse_result_attributes(entries)
         for entry in parsed:
@@ -144,24 +145,21 @@ def find_bad_successor_ous(self, ldap_session, entries, base_dn):
                     results.setdefault(owner_sid, []).append(dn)
         return results
 
-    def resolve_sid_to_name(self, ldap_session, sid, base_dn):
+    def resolve_sid_to_name(self, sid):
         """
         Resolves a SID to a samAccountName using LDAP
 
         Args:
         ----
-            ldap_session: The LDAP connection
             sid: The SID to resolve
-            base_dn: The base DN for the LDAP search
 
         Returns:
         -------
             str: The samAccountName if found, otherwise the original SID
         """
         try:
             search_filter = f"(objectSid={sid})"
-            response = ldap_session.search(
-                searchBase=base_dn,
+            response = self.connection.search(
                 searchFilter=search_filter,
                 attributes=["sAMAccountName"]
             )
@@ -174,9 +172,10 @@ def resolve_sid_to_name(self, ldap_session, sid, base_dn):
             return sid
 
     def on_login(self, context, connection):
+        self.connection = connection
+
         # Check for a domain controller with Windows Server 2025
-        resp = connection.ldap_connection.search(
-            searchBase=connection.ldap_connection._baseDN,
+        resp = self.connection.search(
             searchFilter="(&(objectCategory=computer)(primaryGroupId=516))",
             attributes=["operatingSystem", "dNSHostName"]
         )
@@ -192,27 +191,23 @@ def on_login(self, context, connection):
 
         # Enumerate dMSA objects
         controls = security_descriptor_control(sdflags=0x07)  # OWNER_SECURITY_INFORMATION
-        resp = connection.ldap_connection.search(
-            searchBase=connection.ldap_connection._baseDN,
+        resp = self.connection.search(
             searchFilter="(objectClass=organizationalUnit)",
             attributes=["distinguishedName", "nTSecurityDescriptor"],
-            searchControls=controls)  # Fixed parameter name
+            searchControls=controls
+        )
 
         context.log.debug(f"Found {len(resp)} entries")
 
-        results = self.find_bad_successor_ous(connection.ldap_connection, resp, connection.ldap_connection._baseDN)
+        results = self.find_bad_successor_ous(resp)
 
         if results:
             context.log.success(f"Found {len(results)} results")
         else:
             context.log.highlight("No account found")
 
         for sid, ous in results.items():
-            samaccountname = self.resolve_sid_to_name(
-                connection.ldap_connection,
-                sid,
-                connection.ldap_connection._baseDN
-            )
+            samaccountname = self.resolve_sid_to_name(sid)
 
             for ou in ous:
                 if sid == samaccountname:
 
@@ -3,12 +3,14 @@
 from impacket.dcerpc.v5.dtypes import NULL
 from impacket.dcerpc.v5.dcomrt import DCOMConnection
 from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+from nxc.helpers.misc import CATEGORY
 
 
 class NXCModule:
     name = "bitlocker"
     description = "Enumerating BitLocker Status on target(s) If it is enabled or disabled."
     supported_protocols = ["smb", "wmi"]
+    category = CATEGORY.ENUMERATION
 
     def __init__(self, context=None, module_options=None):
         self.context = context
 
@@ -1,6 +1,7 @@
 import sys
 from impacket.dcerpc.v5 import samr, epm, transport
 from impacket.dcerpc.v5.rpcrt import DCERPCException
+from nxc.helpers.misc import CATEGORY
 
 
 class NXCModule:
@@ -12,6 +13,7 @@ class NXCModule:
     name = "change-password"
     description = "Change or reset user passwords via various protocols"
     supported_protocols = ["smb"]
+    category = CATEGORY.PRIVILEGE_ESCALATION
 
     def options(self, context, module_options):
         """