# pennyw0rth/netexec

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/pennyw0rth-netexec).**

5,274 stars · 658 forks · Python · bsd-2-clause

## Links

- GitHub: https://github.com/Pennyw0rth/NetExec
- Homepage: https://netexec.wiki/
- awesome-repositories: https://awesome-repositories.com/repository/pennyw0rth-netexec.md

## Topics

`active-directory` `hacking` `infosec` `infosectools` `networks` `pentest` `pentest-tool` `pentest-tools` `pentesting` `python` `python3` `red-team` `security` `security-tools` `windows`

## Description

NetExec is a framework for concurrent credential spraying and remote command execution across network protocols. It provides input sanitization and command parsing to reduce injection risks, a plugin-based protocol abstraction that dispatches credentials and commands uniformly regardless of transport, and session and token lifecycle management for long-running multi-command operations. Results from concurrent executions are collected and normalized through a result aggregation pipeline.

The framework includes a concurrent job scheduler that manages worker threads for parallel execution across many hosts, and a credential spraying engine with configurable delay and lockout detection to avoid service disruption. It also automates lateral movement between hosts using discovered credentials, forming a post-exploitation toolkit for moving across networks once access is obtained.

NetExec enables remote command execution on hosts over supported network protocols without interactive logins, and provides credential validation and password spraying against network services such as SMB, SSH, and WinRM to discover valid accounts.

## Tags

### Part of an Awesome List

- [Password Spraying Tools](https://awesome-repositories.com/f/awesome-lists/security/password-spraying-tools.md) — Systematically tests one password against many usernames across network services without triggering lockouts.
- [Post-Exploitation and Lateral Movement](https://awesome-repositories.com/f/awesome-lists/security/post-exploitation-and-lateral-movement.md) — Automates moving between hosts by using discovered credentials and executing remote commands.
- [Input Validation and Sanitization](https://awesome-repositories.com/f/awesome-lists/security/input-validation-and-sanitization.md) — Strips shell metacharacters and validates command syntax to reduce injection risks before sending to remote handlers.

### DevOps & Infrastructure

- [Concurrent Job Schedulers](https://awesome-repositories.com/f/devops-infrastructure/job-scheduling/concurrent-job-schedulers.md) — Manages a pool of worker threads for parallel execution of protocol-specific command and authentication jobs across many hosts.
- [Remote Command Execution](https://awesome-repositories.com/f/devops-infrastructure/remote-command-execution.md) — Runs commands on remote hosts over network protocols without requiring interactive login. ([source](https://netexec.wiki/))

### Security & Cryptography

- [Multi-Protocol Credential Testers](https://awesome-repositories.com/f/security-cryptography/account-management/network-service-account-managers/multi-protocol-credential-testers.md) — Tests username and password combinations against SMB, SSH, and WinRM to discover valid login accounts.
- [Credential Automators](https://awesome-repositories.com/f/security-cryptography/credential-automators.md) — Automates sequential credential attempts across multiple targets with configurable delay and lockout detection.
- [Multi-Protocol](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/authorization-and-user-administration/access-control-authorization/authorization-services/service-account-authorization/credential-validators/multi-protocol.md) — Tests username and password combinations against multiple network services to discover valid accounts.
- [Multi-Protocol](https://awesome-repositories.com/f/security-cryptography/identity-based-access-control/credential-based-access-controls/credential-testing-utilities/multi-protocol.md) — Tests usernames and passwords against network services to discover valid login accounts. ([source](https://netexec.wiki/))
- [Post-Exploitation Toolkits](https://awesome-repositories.com/f/security-cryptography/post-exploitation-toolkits.md) — Provides capabilities for lateral movement and remote administration once valid credentials are obtained.
- [Multi-Command Session Lifecycles](https://awesome-repositories.com/f/security-cryptography/session-token-refreshers/multi-command-session-lifecycles.md) — Maintains per-target authenticated sessions by refreshing tokens or reconnecting on expiry for long-running operations.

### Networking & Communication

- [Modular Protocol Plugins](https://awesome-repositories.com/f/networking-communication/network-protocol-implementations/modular-protocol-plugins.md) — Encapsulates each network protocol behind a common plugin interface for uniform command and credential dispatch.
- [Non-Blocking Socket I/O](https://awesome-repositories.com/f/networking-communication/socket-networking/non-blocking-socket-i-o.md) — Uses non-blocking sockets and thread-pooled I/O to saturate network throughput across hundreds of endpoints.

### Software Engineering & Architecture

- [Task Result Aggregation](https://awesome-repositories.com/f/software-engineering-architecture/task-result-aggregation.md) — Collects and normalises output from concurrent remote executions into a unified report with per-target status.