netexec
network security tool for Windows/Active Directory environments
TLDR
Enumerate SMB shares
SYNOPSIS
netexec protocol target [-u user] [-p pass] [-H hash] [options]
DESCRIPTION
netexec (formerly CrackMapExec) is a network security tool for Windows/Active Directory environments. It tests credentials, enumerates resources, and executes commands across networks.
Multiple protocols are supported: SMB, WinRM, LDAP, SSH, MSSQL, and more. Each protocol has specific enumeration and exploitation modules.
Credential testing validates usernames and passwords across targets. Pass-the-hash uses NTLM hashes directly. Password spraying tests one password against many accounts.
Share enumeration reveals accessible network shares. User and group enumeration maps Active Directory structure. These provide reconnaissance for security assessments.
Command execution requires appropriate privileges. Results are collected across all targets for analysis.
The tool is designed for authorized penetration testing and security assessments.
PARAMETERS
smb
SMB protocol.
winrm
WinRM protocol.
ldap
LDAP protocol.
ssh
SSH protocol.
mssql
MSSQL protocol.
-u USER
Username or file.
-p PASS
Password or file.
-H HASH
NTLM hash.
-d DOMAIN
Domain name.
-x CMD
Execute command.
-X PSCMD
Execute PowerShell.
--shares
Enumerate shares.
--users
Enumerate users.
--groups
Enumerate groups.
--local-auth
Use local authentication.
--sam
Dump SAM database.
--lsa
Dump LSA secrets.
CAVEATS
Only use with authorization. May trigger security alerts. Some features require administrative access. Heavy scanning can cause lockouts.
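The kind of alert the password-spraying pattern described above produces, seen from the defender's side. This is an added example, not part of the original page or of the NetExec project. The function name, thresholds and sample records are assumptions constructed for illustration; the records mimic the timestamp, source address and target account fields of Windows Security event 4625 (failed logon).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): failed logons reduced to
# (timestamp, source address, target account).
NAMES = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source, six different accounts in ten seconds: spray pattern.
    [(f"2024-05-01T09:00:{2 * i + 1:02d}", "10.0.0.50", n) for i, n in enumerate(NAMES)]
    # One source, one account, six failures: a mistyped or stale password.
    + [(f"2024-05-01T09:10:{10 * i:02d}", "10.0.0.23", "grace") for i in range(6)]
    # One source, five accounts spread over four hours: outside the window.
    + [(f"2024-05-01T{8 + i:02d}:00:00", "10.0.0.77", n) for i, n in enumerate(NAMES[:5])]
)

def detect_spray(events, window=timedelta(minutes=5), min_accounts=5):
    """Map each flagged source to the largest number of distinct accounts
    it failed against inside any sliding time window."""
    by_source = defaultdict(list)
    for ts, src, user in events:
        by_source[src].append((datetime.fromisoformat(ts), user.lower()))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        start, best = 0, 0
        counts = defaultdict(int)  # account -> failures inside the window
        for ts, user in rows:
            counts[user] += 1
            # Drop events that have fallen out of the window.
            while ts - rows[start][0] > window:
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_accounts:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_EVENTS))
```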
HISTORY
NetExec is the successor to CrackMapExec (CME), created by byt3bl33d3r around 2015. After CrackMapExec's development slowed, NetExec forked the project in 2023 to continue maintenance and development.
SEE ALSO
smbclient(1), rpcclient(1), ldapsearch(1), nmap(1)
