NetExec Modules

NetExec Modules: A Comprehensive Guide

NetExec offers a wide array of modules that extend its functionality and allow for protocol-specific operations. This guide provides an overview of available modules organized by protocol, helping you leverage NetExec's full potential for network security assessments and penetration testing.

Featured Modules

ms17-010 (SMB)

Scans for systems vulnerable to the EternalBlue exploit (MS17-010).

mimikatz (SMB)

Executes Mimikatz commands to extract credentials from memory.

mssql_priv (MSSQL)

Checks for MSSQL server privileges and attempts privilege escalation.

All Modules

ms17-010 (SMB)
Intermediate

Scans for systems vulnerable to the EternalBlue exploit (MS17-010).

netexec smb 192.168.1.100 -u user -p pass -M ms17-010

Related Modules:

mimikatz
lsassy

mimikatz (SMB)
Advanced

Executes Mimikatz commands to extract credentials from memory.

netexec smb 192.168.1.100 -u user -p pass -M mimikatz

Related Modules:

lsassy
ms17-010

lsassy (SMB)
Advanced

Extracts credentials from lsass dumps using lsassy.

netexec smb 192.168.1.100 -u user -p pass -M lsassy

Related Modules:

mimikatz
ms17-010

smbspider (SMB)
Beginner

Searches for files matching specific patterns on accessible SMB shares.

netexec smb 192.168.1.100 -u user -p pass -M smbspider

Related Modules:

ms17-010

uac (WINRM)
Intermediate

Checks for and attempts to bypass User Account Control (UAC).

netexec winrm 192.168.1.100 -u user -p pass -M uac

Related Modules:

powerless

powerless (WINRM)
Advanced

Attempts privilege escalation using various PowerShell techniques.

netexec winrm 192.168.1.100 -u user -p pass -M powerless

Related Modules:

uac

mssql_priv (MSSQL)
Intermediate

Checks for MSSQL server privileges and attempts privilege escalation.

netexec mssql 192.168.1.100 -u user -p pass -M mssql_priv

Related Modules:

mssql_xpcmdshell

mssql_xpcmdshell (MSSQL)
Advanced

Attempts to enable and use xp_cmdshell for command execution.

netexec mssql 192.168.1.100 -u user -p pass -M mssql_xpcmdshell

Related Modules:

mssql_priv

MAQ (LDAP)
Advanced

Performs Machine Account Quota (MAQ) abuse for privilege escalation.

netexec ldap 192.168.1.100 -u user -p pass -M MAQ

Related Modules:

ldap-checker

ldap-checker (LDAP)
Intermediate

Checks for common LDAP misconfigurations and vulnerabilities.

netexec ldap 192.168.1.100 -u user -p pass -M ldap-checker

Related Modules:

MAQ

ssh_enumusers (SSH)
Beginner

Enumerates SSH users on the target system.

netexec ssh 192.168.1.100 -u user -p pass -M ssh_enumusers

ftp_check (FTP)
Beginner

Performs various checks on FTP servers for misconfigurations.

netexec ftp 192.168.1.100 -u user -p pass -M ftp_check

rdp_screenshot (RDP)
Intermediate

Captures screenshots of RDP login screens.

netexec rdp 192.168.1.100 -u user -p pass -M rdp_screenshot

Custom Module Development

NetExec allows you to create custom modules to extend its functionality. Here's a basic structure for a custom module:

# NetExec loads the class named NXCModule from the module file; no base-class import is needed.
class NXCModule:
    name = 'custom_module'
    description = 'Description of your custom module'
    supported_protocols = ['smb', 'mssql', 'winrm']
    opsec_safe = True
    multiple_hosts = True

    def options(self, context, module_options):
        '''
        Define any options for your module
        '''
        pass

    def on_login(self, context, connection):
        '''
        Perform actions when a successful login occurs
        '''
        context.log.success('Successful login')

    def on_admin_login(self, context, connection):
        '''
        Perform actions when a successful admin login occurs
        '''
        context.log.success('Successful admin login')

    def on_request(self, context, request):
        '''
        Perform actions for each request
        '''
        pass

    def on_response(self, context, response):
        '''
        Perform actions for each response
        '''
        pass

    def on_finish(self, context):
        '''
        Perform final actions when the module finishes
        '''
        context.log.success('Module finished')

To use your custom module, place it in the ~/.netexec/modules/ directory and run NetExec with the -M flag followed by your module name.
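
Before dropping a file into the modules directory, it helps to check that it declares the attributes and hooks shown in the skeleton above. The following pre-flight linter is an added example, not NetExec's own code; the function name lint_module, the finding strings and both sample sources are constructed for illustration.

```python
import ast

# Attributes and hooks named in the skeleton on this page.
REQUIRED_ATTRS = {"name", "description", "supported_protocols", "opsec_safe", "multiple_hosts"}
LOGIN_HOOKS = {"on_login", "on_admin_login"}

def lint_module(source):
    """Statically inspect one module file's source text and return a list of findings."""
    tree = ast.parse(source)  # parses only; the module under review is never executed
    classes = [n for n in tree.body if isinstance(n, ast.ClassDef)]
    if not classes:
        return ["no class defined"]
    attrs, methods = {}, set()
    for node in classes[0].body:
        if isinstance(node, ast.Assign):
            attrs.update({t.id: node.value for t in node.targets if isinstance(t, ast.Name)})
        elif isinstance(node, ast.FunctionDef):
            methods.add(node.name)
    findings = [f"missing attribute: {a}" for a in sorted(REQUIRED_ATTRS - set(attrs))]
    if "options" not in methods:
        findings.append("missing method: options")
    if not LOGIN_HOOKS & methods:
        findings.append("no on_login or on_admin_login hook")
    flag = attrs.get("opsec_safe")  # value as declared by the module author
    if isinstance(flag, ast.Constant) and flag.value is False:
        findings.append("opsec_safe is False: review before use")
    protos = attrs.get("supported_protocols")
    if isinstance(protos, (ast.List, ast.Tuple)) and not protos.elts:
        findings.append("supported_protocols is empty")
    return findings

# Constructed sample inputs (not real modules).
GOOD = '''
class Example:
    name = 'custom_module'
    description = 'demo'
    supported_protocols = ['smb']
    opsec_safe = True
    multiple_hosts = True
    def options(self, context, module_options): pass
    def on_login(self, context, connection): pass
'''
BAD = '''
class Example:
    name = 'half_done'
    supported_protocols = []
    opsec_safe = False
'''

print(lint_module(BAD))
```

Because the check works on the parsed syntax tree, it can be run over third-party module files without importing them.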

Using Modules Effectively

To maximize the effectiveness of NetExec modules:

  • Always use the latest version of NetExec to access the most up-to-date modules
  • Combine multiple modules for comprehensive assessments
  • Use the -M flag followed by the module name to execute a module
  • Some modules accept additional options; use netexec [protocol] -M [module] --options to view them
  • Be cautious when using modules that make changes to target systems
  • Test modules in a controlled environment before using them in real-world assessments
  • Keep detailed logs of module usage for reporting and analysis