[netexec] feat: add NetExec injector with contracts, helpers and tests (#170) #188

Open
Seb-MIGUEL wants to merge 5 commits into main from issue/170-add-netexec-injector

@Seb-MIGUEL
Contributor

Summary

  • Add full NetExec injector supporting SMB, LDAP, WinRM, SSH, FTP, MSSQL, RDP, VNC, WMI protocols
  • Support for base commands, options (e.g. --asreproast, --kerberoasting, --shares) and modules (e.g. spider_plus, mssql_priv)
  • Structured output parsing with domain-specific finding types (credentials, usernames, shares, groups, vulnerabilities, etc.)
  • Catalog compatibility via manifest metadata
  • Unit tests for contracts, command builder, output parser and credential extractors

Test plan

  • Unit tests pass (contracts, helpers, credential extractors, output parser)
  • Manual testing against live GOAD lab (SMB, LDAP with various options)
  • Docker image builds and runs successfully
  • Injector registers correctly with OpenAEV platform
  • Structured findings are properly extracted and displayed

Closes #170

Add the netexec injector module including:
- Protocol-based contracts (SMB, SSH, FTP, etc.) with module support
- Command builder, output parser and process helpers
- Credential extractors and modules registry
- Docker and configuration setup
- Updated root .gitignore to exclude local dev files

89 tests covering:
- Contract ID parsing (base, option, module families)
- Command builder (credentials, options, modules, security)
- Output parser (filtering, dispatching, asset mapping)
- Credential extractors (SAM, LSA, NTDS, shares, groups, vulns)

Add manifest-metadata.json and [tool.cmw] section required by the
OpenAEV catalog to discover and deploy the injector via the UI.
Also align pyproject.toml to PEP 621 format, standardize
docker-compose.yml with variable substitution, and add .env.sample.

@Seb-MIGUEL linked an issue on Mar 5, 2026 that may be closed by this pull request
@Seb-MIGUEL changed the title from "[netexec] feat: add NetExec injector with contracts, helpers and tests" to "[netexec] feat: add NetExec injector with contracts, helpers and tests (#170)" on Mar 5, 2026

if input_data is not None:
kwargs["input"] = input_data

result = subprocess.run(cmd, **kwargs)
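
Review bot: on the `subprocess.run(cmd, **kwargs)` line, building the call through an open `kwargs` dict hides which options are actually in effect, and nothing in the visible lines sets `timeout`. Pass `timeout=` (and any other behaviour-changing options) as explicit keyword arguments at the call site, so that a missing bound is visible in review rather than depending on how `kwargs` was assembled earlier.
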
Member

subprocess.run(cmd, **kwargs) has no timeout. If netexec hangs on a slow/unreachable target, the thread running this inject will never terminate. Should we add a configurable timeout here (e.g. timeout read from config, defaulting to 3600s) and handle subprocess.TimeoutExpired with a clean error, similar to what the AWS injector does in pacu_executor.py?

Contributor Author

@Seb-MIGUEL, Mar 9, 2026

Hey @ncarenton, good point. I didn't see it on nuclei/Nmap or Shodan either. Don't you think we should define this kind of global injector good practice, apply it to all the injectors, and add it through something like "good_practices.md" to avoid that in the next injectors and the previous ones?
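
The bounded call discussed in this thread, as an added example (not code from the pull request, from OpenAEV, or from `pacu_executor.py`): a wrapper that applies a timeout, catches `subprocess.TimeoutExpired`, and returns a clean result instead of blocking the inject thread. The function name `run_bounded`, the result-dict shape and the `DEFAULT_TIMEOUT` constant are assumptions made for illustration.

```python
import subprocess
import sys

DEFAULT_TIMEOUT = 3600  # seconds; the default proposed in the review comment


def _as_text(data):
    # TimeoutExpired may carry bytes even when text=True was requested.
    if data is None:
        return ""
    return data.decode(errors="replace") if isinstance(data, bytes) else data


def run_bounded(cmd, input_data=None, timeout=DEFAULT_TIMEOUT):
    """Run cmd (an argv list, no shell) and always return a result dict."""
    kwargs = {"capture_output": True, "text": True, "timeout": timeout}
    if input_data is not None:
        kwargs["input"] = input_data
    try:
        result = subprocess.run(cmd, **kwargs)
    except subprocess.TimeoutExpired as exc:
        # subprocess.run() has already killed and reaped the direct child here;
        # keep whatever output was captured before the deadline.
        return {
            "status": "timeout",
            "returncode": None,
            "stdout": _as_text(exc.stdout),
            "stderr": _as_text(exc.stderr),
            "error": f"command exceeded {timeout}s and was terminated",
        }
    return {
        "status": "ok" if result.returncode == 0 else "failed",
        "returncode": result.returncode,
        "stdout": result.stdout,
        "stderr": result.stderr,
        "error": None,
    }


if __name__ == "__main__":
    # Constructed stand-in for a hung scan: a child that sleeps past the limit.
    hung = [sys.executable, "-c",
            "import time; print('started', flush=True); time.sleep(30)"]
    print(run_bounded(hung, timeout=1))
```
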

options = parsed_data.get("options") if parsed_data else None
extra_args = parsed_data.get("extra_args") if parsed_data else None

self.helper.injector_logger.info("Data: " + str(content))
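
Review bot: the `injector_logger.info("Data: " + str(content))` line stringifies the whole `content` object at info level, so anything the inject payload carries ends up in the log. Log a fixed set of non-sensitive fields, or move the full dump behind debug, instead of `str(content)`. Separately, the repeated `parsed_data.get(...) if parsed_data else None` on the two lines above reads more simply if `parsed_data` is normalised to an empty dict once before the lookups.
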
Member

Two places might leak credentials:

  • line 90 logs the raw content dict which includes credentials
  • lines 100–113 pass command_args=cmd to build_execution_message,
    and cmd contains ["-p", "P@ssw0rd!", "-H", "aad3b435..."], so credentials are sent to the OpenAEV API.

Should we scrub credential fields before logging, and strip args following -p, -H, --password etc. from cmd before passing it to build_execution_message?

Contributor Author

Hey @ncarenton, good point again, same feedback as the previous one: that's a global "concern" for all the injectors. We could provide the "good practice" here and then apply it to the others. About credentials, we have planned on the roadmap ("vertical 2") to add a new kind of credentials asset, which will involve the integration team to define the best way to handle it.
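
The scrubbing proposed in this thread, as an added example (not code from the pull request or from OpenAEV): it masks the values that follow `-p`, `-H` and `--password` in an argv list, and masks credential-like keys in a payload dict, before either is logged or passed on as `command_args`. The function names, the `SECRET_KEYS` field names and the sample values are assumptions made for illustration.

```python
# Flags whose values are secrets. -p, -H and --password come from the review
# comment; extend the set for the tool being wrapped (assumption).
SECRET_FLAGS = frozenset({"-p", "-H", "--password"})
# Hypothetical payload keys; the real contract field names are not shown on the page.
SECRET_KEYS = frozenset({"password", "hash", "nt_hash", "secret", "token"})
MASK = "***"


def redact_argv(argv, secret_flags=SECRET_FLAGS):
    """Return a copy of argv with the values of secret flags masked."""
    out, masking, first = [], False, False
    for arg in argv:
        # Always mask the token right after a secret flag, then keep masking
        # until the next option, since one flag may take several values.
        if masking and (first or not arg.startswith("-")):
            out.append(MASK)
            first = False
            continue
        flag, sep, _ = arg.partition("=")
        if sep and flag in secret_flags:      # --password=value form
            out.append(f"{flag}={MASK}")
            masking = False
        else:
            out.append(arg)
            masking = first = arg in secret_flags
    return out


def redact_payload(value, secret_keys=SECRET_KEYS):
    """Copy nested dicts/lists, masking values stored under secret-looking keys."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in secret_keys
                else redact_payload(v, secret_keys) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_payload(v, secret_keys) for v in value]
    return value


if __name__ == "__main__":
    # Constructed sample values, not taken from the pull request.
    cmd = ["netexec", "smb", "192.0.2.10", "-u", "alice", "-p", "Summer2026!",
           "-H", "0123456789abcdef", "--shares"]
    content = {"target": "192.0.2.10", "username": "alice",
               "password": "Summer2026!", "options": ["--shares"]}
    print("Data: %s" % redact_payload(content))
    print("command_args:", redact_argv(cmd))
```

Both functions return copies, so the original `cmd` still reaches the subprocess unmodified. The masking errs toward over-redaction: a positional argument placed directly after a secret flag's value is masked as well.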

@ncarenton requested a review from mariot on March 8, 2026 20:03
@Kakudou self-requested a review on March 11, 2026 07:32
Development

Successfully merging this pull request may close these issues.

Add Netexec Injector