nxc-nfs

Detect the version of a remote NFS server

$ nxc nfs [192.168.178.0/24]

$ nxc nfs [192.168.178.2] --shares

$ nxc nfs [192.168.178.2] --enum-shares [5]

$ nxc nfs [192.168.178.2] --get-file [path/to/remote_file] [path/to/local_file]

$ nxc nfs [192.168.178.2] --put-file [path/to/local_file] [path/to/remote_file]

nxc nfs target(s) [ NFS_OPTIONS ] [ GLOBAL_OPTIONS ]

target(s)
    One or more targets specified as an IP address, CIDR range (e.g., 192.168.1.0/24), hostname, or a path to a file containing a list of targets.

--shares
    Lists all exported NFS shares on the target(s) and displays their respective options. This is the primary enumeration option.

--port
    Specifies the NFS port to connect to. Defaults to 2049.

--rpc-port
    Specifies the RPC port (portmapper) to connect to. Defaults to 111.

--show-versions
    Displays the supported NFS versions on the target system.

--show-info
    Shows additional NFS server information, often including mount points and other details.

-v, --verbose
    Increases verbosity of output, showing more details about the operations.

--threads
    Specifies the number of concurrent threads to use for scanning multiple targets. Defaults to 10.

--timeout
    Sets the connection timeout in seconds for target hosts. Defaults to 20.

nxc-nfs is a module within the NetExec (formerly CrackMapExec) framework, a powerful post-exploitation tool primarily used by penetration testers for auditing large networks. While NetExec is best known for its Windows/SMB/Active Directory capabilities, the nfs module specifically targets Network File System (NFS) services.

This module allows users to enumerate NFS exports on target systems, identify accessible shares, and gather information that could potentially lead to unauthorized access or data exposure. It's commonly used to discover weakly configured NFS shares, such as those with anonymous access (no_root_squash, insecure shares) or wide-open permissions, which are common vulnerabilities in network environments. It helps security professionals quickly assess the security posture of NFS implementations.

The `nxc-nfs` command is not a standalone Linux utility but a module within the `netexec` framework. It requires NetExec to be installed. It is primarily a penetration testing and security auditing tool; improper use may lead to unauthorized access or disruption of services. Always ensure you have explicit authorization before scanning any network or system.

To use `nxc nfs`, NetExec must first be installed. It can typically be installed via `pipx install nxc` or through package managers like `apt` (for Kali Linux) if available. After installation, the common usage pattern is `nxc nfs --shares` to quickly enumerate available NFS shares.

NFS shares, if misconfigured (e.g., world-readable, no_root_squash, or exported to untrusted networks), can pose significant security risks. `nxc nfs` is instrumental in identifying these misconfigurations, allowing administrators to secure their environments before they are exploited by malicious actors.

The `nxc` (NetExec) tool evolved from `CrackMapExec` (CME), a widely used penetration testing framework. The NFS module was integrated to provide comprehensive network service auditing capabilities beyond its initial focus on SMB/AD. Its development is community-driven, continually adding new modules and features to address various network protocols and vulnerabilities, including NFS.

netexec(1), showmount(8), mount(8), nfsstat(8)