nxc-ftp

Search for valid credentials by trying out every combination in the specified lists of usernames and passwords

$ nxc ftp [192.168.178.2] [[-u|--username]] [path/to/usernames.txt] [[-p|--password]] [path/to/passwords.txt]

$ nxc ftp [192.168.178.2] [[-u|--username]] [path/to/usernames.txt] [[-p|--password]] [path/to/passwords.txt] --continue-on-success

$ nxc ftp [192.168.178.0/24] [[-u|--username]] [username] [[-p|--password]] [password] --ls

$ nxc ftp [192.168.178.2] [[-u|--username]] [username] [[-p|--password]] [password] --get [path/to/file]

$ nxc ftp [192.168.178.2] [[-u|--username]] [username] [[-p|--password]] [password] --put [path/to/local_file] [path/to/remote_location]

nxc ftp target(s) [protocol_options] [authentication_options] [general_options]

Examples:
nxc ftp 192.168.1.100
nxc ftp 192.168.1.0/24 --module ftp_anon_enum
nxc ftp targets.txt --users user.txt --passwords pass.txt

target(s)
    IP address(es), CIDR range(s), hostnames, or a file containing targets specified with --targets-file. This is the primary input for which systems to audit.

--targets-file FILE
    Specify a file containing a list of targets (one per line) to be scanned.

--port PORT
    Specify a custom FTP port to connect to, overriding the default port 21.

--anonymous
    Explicitly attempt an anonymous FTP login. This is often the default behavior if no other authentication is provided.

--users USERS
    Provide a username or a path to a file containing a list of usernames to attempt for authentication.

--passwords PASSWORDS
    Provide a password or a path to a file containing a list of passwords to attempt for authentication. Often used in conjunction with --users for bruteforcing.

--no-bruteforce
    Disable brute-forcing attempts. Useful when only testing anonymous access or provided credentials.

--module MODULE_NAME
    Execute a specific NetExec module against the target(s) via the FTP protocol. Use --list-modules to see available options for FTP.

--list-modules
    List all available NetExec modules that can be run against FTP services.

--verbose
    Increase verbosity of output, showing more details about the ongoing scan and findings.

--output FILE
    Save the command's output to a specified file.

--lootdir DIRECTORY
    Specify a directory to store collected loot (e.g., credentials, files) from successful operations.

The nxc-ftp command is a module within the powerful NetExec (formerly CrackMapExec) security auditing tool. It is designed to interact with File Transfer Protocol (FTP) services on target systems, primarily for enumeration and vulnerability assessment during penetration testing engagements. Unlike a standard FTP client, nxc-ftp focuses on identifying common misconfigurations, such as anonymous login availability, and can be used to execute specialized NetExec modules against accessible FTP services. It simplifies the process of scanning multiple targets and can be integrated into broader security assessments to discover exploitable FTP endpoints.

nxc-ftp is a powerful penetration testing tool. It should only be used on systems for which you have explicit permission to test. Unauthorized use against any system is illegal and unethical. The success of its operations depends heavily on the target's network configuration and the specific FTP server implementation. Firewall rules, IDS/IPS systems, and strong security configurations can limit its effectiveness.

One of nxc-ftp's key strengths is its ability to execute specialized NetExec modules. While the base command can test for anonymous access, modules provide more in-depth functionality, such as enumerating directories, identifying specific server versions, or attempting to exploit known vulnerabilities through the FTP protocol. This modularity makes nxc-ftp highly extensible for various testing scenarios.

As part of the NetExec suite, nxc-ftp seamlessly integrates with other protocol modules (e.g., SMB, WinRM, SSH). This allows security professionals to use a consistent command-line interface and shared credential/target management across different network services, streamlining multi-protocol auditing and penetration testing workflows.

The nxc-ftp command is an integral part of NetExec, a successor to the highly popular CrackMapExec (CME) tool. CrackMapExec itself evolved from prior security tools, aiming to consolidate and improve on post-exploitation and enumeration techniques for various network protocols. NetExec's development continues this trajectory, providing a unified framework for pentesters. The FTP module specifically was developed to address the need for efficient and automated enumeration and exploitation of FTP services within this comprehensive toolkit, allowing users to leverage common NetExec features like module execution and credential management against FTP targets.

ftp(1), sftp(1), nxc(1), smbmap(1), enum4linux(1)