DEV.co
Open-Source Security · Pennyw0rth

NetExec

NetExec is a command-line tool for executing commands and performing reconnaissance across Windows networks and Active Directory environments. It is the community-maintained successor to CrackMapExec, designed for penetration testing and red-team operations.

Source: GitHub — github.com/Pennyw0rth/NetExec
5.7k
GitHub stars
727
Forks
Python
Primary language
BSD-2-Clause
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryPennyw0rth/NetExec
OwnerPennyw0rth
Primary languagePython
LicenseBSD-2-Clause — OSI-approved
Stars5.7k
Forks727
Open issues166
Latest releasev1.5.1 (2026-02-23)
Last updated2026-07-05
Sourcehttps://github.com/Pennyw0rth/NetExec

What NetExec is

Python 3.10+ multi-protocol network execution framework supporting SMB, WinRM, LDAP, and other protocols for authentication, enumeration, and lateral movement in enterprise Windows/AD infrastructure. BSD-2-Clause licensed open-source project with active community contributions.

Quickstart

Get the NetExec source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Pennyw0rth/NetExec.gitcd NetExec# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Active Directory Penetration Testing

Enumerate users, groups, domain controllers, and credentials; perform lateral movement and privilege escalation checks across AD environments during authorized security assessments.

Red Team Network Operations

Execute commands across multiple Windows hosts simultaneously, manage persistence mechanisms, and automate post-exploitation discovery tasks during authorized adversary simulation exercises.

Security Compliance & Vulnerability Assessment

Rapidly identify misconfigurations, weak credentials, and unpatched systems across Windows infrastructure in authorized internal security audits and compliance testing.

Implementation considerations

  • Requires Python 3.10+; install via pipx or distribution package managers for isolation from system Python dependencies.
  • Needs network connectivity and appropriate credentials or authentication vectors (SMB, WinRM, LDAP, SSH) to target systems; plan credential/credstash management securely.
  • Configure execution to operate within organizational policy; ensure logging and monitoring are not bypassed without authorization from management/security team.
  • Test thoroughly in isolated lab environments before running against production; improper credential spraying or command execution can lock accounts or trigger incident response.
  • Maintain awareness of evasion vs. detection trade-offs; tool capabilities may trigger EDR/SIEM alerting depending on detection maturity of target environment.

When to avoid it — and what to weigh

  • Unauthorized Access — Do not use this tool against systems you do not own or have explicit written authorization to test. The tool is designed for offensive security work and misuse is illegal.
  • Non-Windows Environments — If your infrastructure is primarily Linux, cloud-native, or containerized, NetExec may have limited utility without Windows/AD targets. Consider alternatives for cross-platform needs.
  • Production Incident Response — While useful for assessment, this tool is optimized for testing scenarios, not forensic analysis or live incident containment. Defensive/forensic tools may be more appropriate.
  • Lack of Internal Expertise — Effective use requires solid understanding of Windows authentication, AD architecture, and network protocols. Misapplication can cause service outages or detection evasion failures.

License & commercial use

BSD-2-Clause (Simplified): Permissive OSI-approved license. Allows use, modification, and distribution in proprietary/commercial contexts with minimal restrictions (retain copyright notice and disclaimer).

BSD-2-Clause permits commercial use without restriction or royalty. However, use of NetExec for unauthorized access is illegal regardless of licensing; commercial security firms must maintain proper client authorization and legal compliance. Resale or bundling with proprietary tools is permitted under the license terms alone.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Tool is designed for offensive security; operator responsibility to use only on authorized targets. No claims made regarding tool security posture (e.g., encryption, audit logging, anti-tampering). Operational security depends on user discipline: avoid credential exposure in logs, sanitize output, restrict access to machines running NetExec. Consider network segregation for lab/test environments. Community-maintained code should be audited before use in high-assurance contexts.

Alternatives to consider

CrackMapExec (CME)

Original predecessor project; legacy codebase under different maintainer. NetExec is the recommended successor with community momentum and active development.

Impacket (Python library)

Lower-level protocol library; requires custom scripting but offers fine-grained control over SMB, Kerberos, LDAP interactions. Better for custom tooling; steeper learning curve.

BloodHound + SharpHound

Complementary for AD enumeration and visualization; focuses on graph-based discovery vs. command execution. Often used alongside NetExec in holistic AD assessments.

Software development agency

Build on NetExec with DEV.co software developers

NetExec is ideal for authorized penetration testing and red-team exercises in Windows/AD environments. Ensure proper authorization, lab testing, and operational security practices before deployment. Contact our security services team to assess fit for your infrastructure.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

NetExec FAQ

Is NetExec legal to use?
Yes, if used only on systems you own or have explicit written authorization to test. Unauthorized access is illegal. The tool itself is licensed under BSD-2-Clause; legality depends on use context.
What's the difference between NetExec and CrackMapExec?
NetExec is the community-maintained successor (forked/rebrand Sept 2023) with active development, merged community features, and unified codebase. CrackMapExec is the legacy project; NetExec is recommended for new deployments.
Do I need domain credentials to use NetExec?
Not always. Tools support null-session enumeration, credential spraying, relay attacks, and pass-the-hash. However, capabilities are expanded with valid credentials; supported auth methods include SMB, WinRM, LDAP, SSH, and Kerberos.
Will NetExec trigger EDR/SIEM alerts?
Likely, depending on target environment maturity. Tools performs credential testing, lateral movement, and command execution—all common IOCs. EDR/SIEM tuning, detection evasion techniques, and operational security planning required in mature environments.

Work with a software development agency

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If NetExec is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.

Evaluate NetExec for Your Security Testing?

NetExec is ideal for authorized penetration testing and red-team exercises in Windows/AD environments. Ensure proper authorization, lab testing, and operational security practices before deployment. Contact our security services team to assess fit for your infrastructure.