NetExec
NetExec is a command-line tool for executing commands and performing reconnaissance across Windows networks and Active Directory environments. It is the community-maintained successor to CrackMapExec, designed for penetration testing and red-team operations.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Pennyw0rth/NetExec |
| Owner | Pennyw0rth |
| Primary language | Python |
| License | BSD-2-Clause — OSI-approved |
| Stars | 5.7k |
| Forks | 727 |
| Open issues | 166 |
| Latest release | v1.5.1 (2026-02-23) |
| Last updated | 2026-07-05 |
| Source | https://github.com/Pennyw0rth/NetExec |
What NetExec is
Python 3.10+ multi-protocol network execution framework supporting SMB, WinRM, LDAP, and other protocols for authentication, enumeration, and lateral movement in enterprise Windows/AD infrastructure. BSD-2-Clause licensed open-source project with active community contributions.
Get the NetExec source
Clone the repository and explore it locally.
git clone https://github.com/Pennyw0rth/NetExec.gitcd NetExec# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.10+; install via pipx or distribution package managers for isolation from system Python dependencies.
- Needs network connectivity and appropriate credentials or authentication vectors (SMB, WinRM, LDAP, SSH) to target systems; plan credential/credstash management securely.
- Configure execution to operate within organizational policy; ensure logging and monitoring are not bypassed without authorization from management/security team.
- Test thoroughly in isolated lab environments before running against production; improper credential spraying or command execution can lock accounts or trigger incident response.
- Maintain awareness of evasion vs. detection trade-offs; tool capabilities may trigger EDR/SIEM alerting depending on detection maturity of target environment.
When to avoid it — and what to weigh
- Unauthorized Access — Do not use this tool against systems you do not own or have explicit written authorization to test. The tool is designed for offensive security work and misuse is illegal.
- Non-Windows Environments — If your infrastructure is primarily Linux, cloud-native, or containerized, NetExec may have limited utility without Windows/AD targets. Consider alternatives for cross-platform needs.
- Production Incident Response — While useful for assessment, this tool is optimized for testing scenarios, not forensic analysis or live incident containment. Defensive/forensic tools may be more appropriate.
- Lack of Internal Expertise — Effective use requires solid understanding of Windows authentication, AD architecture, and network protocols. Misapplication can cause service outages or detection evasion failures.
License & commercial use
BSD-2-Clause (Simplified): Permissive OSI-approved license. Allows use, modification, and distribution in proprietary/commercial contexts with minimal restrictions (retain copyright notice and disclaimer).
BSD-2-Clause permits commercial use without restriction or royalty. However, use of NetExec for unauthorized access is illegal regardless of licensing; commercial security firms must maintain proper client authorization and legal compliance. Resale or bundling with proprietary tools is permitted under the license terms alone.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tool is designed for offensive security; operator responsibility to use only on authorized targets. No claims made regarding tool security posture (e.g., encryption, audit logging, anti-tampering). Operational security depends on user discipline: avoid credential exposure in logs, sanitize output, restrict access to machines running NetExec. Consider network segregation for lab/test environments. Community-maintained code should be audited before use in high-assurance contexts.
Alternatives to consider
CrackMapExec (CME)
Original predecessor project; legacy codebase under different maintainer. NetExec is the recommended successor with community momentum and active development.
Impacket (Python library)
Lower-level protocol library; requires custom scripting but offers fine-grained control over SMB, Kerberos, LDAP interactions. Better for custom tooling; steeper learning curve.
BloodHound + SharpHound
Complementary for AD enumeration and visualization; focuses on graph-based discovery vs. command execution. Often used alongside NetExec in holistic AD assessments.
Build on NetExec with DEV.co software developers
NetExec is ideal for authorized penetration testing and red-team exercises in Windows/AD environments. Ensure proper authorization, lab testing, and operational security practices before deployment. Contact our security services team to assess fit for your infrastructure.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
NetExec FAQ
Is NetExec legal to use?
What's the difference between NetExec and CrackMapExec?
Do I need domain credentials to use NetExec?
Will NetExec trigger EDR/SIEM alerts?
Work with a software development agency
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If NetExec is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.
Evaluate NetExec for Your Security Testing?
NetExec is ideal for authorized penetration testing and red-team exercises in Windows/AD environments. Ensure proper authorization, lab testing, and operational security practices before deployment. Contact our security services team to assess fit for your infrastructure.