High-Performance Network Execution Framework (Rust)
NetExec-RS (nxc-rs) is a high-performance network execution framework built in Rust, designed for modern red team operations at scale.
Inspired by NetExec and CrackMapExec, nxc-rs reimagines network exploitation with:
- massive concurrency
- intelligent orchestration
- memory-safe native implementations
Traditional tooling in this space is:
- Python-heavy
- dependency-fragile
- slow at scale
nxc-rs changes that:
- Pure Rust core → zero runtime dependencies
- Async-first architecture → scan and execute across thousands of hosts
- Protocol-native implementations → no wrappers, no overhead
- Designed for automation → integrates seamlessly into pipelines and AI workflows
- Tokio-powered async runtime for extreme concurrency
- Optimized for large enterprise network operations
- Low memory footprint with predictable performance
- No Python, no Impacket
- Native implementations of:
- NTLM SSP
- Kerberos
- SMB protocol stack
- Built-in Elite Reaper engine
- Control operations using natural language
- Supports:
- Gemini
- OpenAI
- Anthropic
- Ollama
- Lockout-aware authentication strategies
- Configurable jitter and randomized delays
- Secure TLS handling
- Reduced detection footprint
- Active Directory enumeration (LDAP, AD CS)
- BloodHound data collection
- WMI-based system intelligence
- Credential and privilege discovery
nxc-rs supports 22 protocols and 135+ modules, built for both reconnaissance and post-exploitation.
| Protocol | Status | Capabilities |
|---|---|---|
| SMB | ✅ | NTLM auth, shares, smbexec, lsassy, NTDS dumping |
| LDAP | ✅ | AD CS, BloodHound, LAPS/gMSA, Kerberoasting |
| WinRM | ✅ | NTLM/Kerberos, PSRP execution |
| MSSQL | ✅ | Query execution, xp_cmdshell, impersonation |
| WMI | ✅ | Remote execution & system enumeration |
| SSH | ✅ | Auth auditing, command execution |
| RDP / VNC / ADB | ✅ | Remote access, screenshots |
| Web / DNS / FTP | ✅ | Enumeration & recon |
| Cloud / Kube | ✅ | Kubernetes & infrastructure probing |
Linux / macOS
curl -sSf https://raw.githubusercontent.com/thrive-spectrexq/nxc-rs/master/install.sh | bashWindows (PowerShell)
iex (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/thrive-spectrexq/nxc-rs/master/install.ps1')Requires Rust 1.94.0+
git clone https://github.com/thrive-spectrexq/nxc-rs.git
cd nxc-rs
cargo build --release --package nxcnxc --helpProtocol-specific help:
nxc smb --help
nxc winrm --helpWinRM Command Execution
nxc winrm <target> -u Admin -p Pass123 -x "Get-Process"SMB Credential Dumping
nxc smb 192.168.1.0/24 -u Admin -H <hash> -M lsassyNFS Enumeration
nxc nfs <target> --enum-sharesControl operations using natural language.
Set one provider:
export GEMINI_API_KEY=...
export OPENAI_API_KEY=...
export ANTHROPIC_API_KEY=...
export OLLAMA_API_BASE=...nxc ai "Scan 10.0.0.0/24 for port 445 and identify OS versions"
nxc ai "Enumerate all GPO names using LDAP"
nxc ai "Find hosts with SMB signing disabled"nxc-rs is built as a modular Rust workspace:
/nxc→ CLI + orchestration/protocols→ SMB, LDAP, SSH, etc./auth→ NTLM, Kerberos engine/ai→ Elite Reaper AI engine/modules→ Recon & post-exploitation modules/db→ Credential storage (SQLite)
- Modular & extensible
- Async-first
- Protocol-driven architecture
- Clean separation of concerns
Contributions are welcome.
- Fork the repo
- Create a feature branch
- Submit a PR
For major changes, open an issue first.
Licensed under the BSD 2-Clause License. See LICENSE for details.
This tool is intended strictly for authorized security testing and educational purposes.
- Unauthorized use against systems without explicit permission is illegal.
- The authors are not responsible for misuse or damages.