Which integrations are available for this server?

Provides AI assistants with access to NetExec, a network execution and penetration testing tool, via SSH to a Kali Linux machine. Supports protocols like SMB, WinRM, SSH, LDAP, MSSQL, RDP, WMI for enumeration, credential dumping, command execution, password spraying, and more.

How do I use sec-netexec-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@sec-netexec-mcp Enumerate SMB hosts in 192.168.1.0/24" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

sec-netexec-mcp

by schwarztim

Overview Schema Related Servers Score Discussions

JavaScript

Remote

NetExec MCP Server

MCP License: MIT TypeScript NetExec

A Model Context Protocol (MCP) server that provides AI assistants with access to NetExec (nxc), the powerful network execution and penetration testing tool formerly known as CrackMapExec.

Features

This MCP server enables AI assistants to execute NetExec commands via SSH to a Kali Linux machine, supporting:

Protocol	Capabilities
SMB	Windows enumeration, credential dumping (SAM/LSA/NTDS), command execution, pass-the-hash
WinRM	Remote Windows management, PowerShell execution, credential dumping
SSH	Linux/Unix authentication, key-based auth, remote command execution
LDAP	Active Directory enumeration, Kerberoasting, ASREPRoast, BloodHound collection
MSSQL	SQL Server queries, xp_cmdshell execution, login enumeration
RDP	Credential validation, screenshot capture
WMI	Windows Management Instrumentation command execution

Additional features:

Password spraying across all protocols
Module management and execution
SMB share enumeration and file operations
NetExec credential database queries

Prerequisites

Node.js 18+
SSH access to a Kali Linux machine with NetExec installed
SSH key-based authentication (recommended) or password

Installation

# Clone the repository
git clone https://github.com/schwarztim/sec-netexec-mcp.git
cd sec-netexec-mcp

# Install dependencies
npm install

# Build the project
npm run build

Configuration

Environment Variables

Variable	Description	Default
`KALI_HOST`	SSH hostname or IP for Kali machine	`kali`
`SSH_USER`	SSH username	(none)
`SSH_KEY`	Path to SSH private key file	(none)
`SSH_TIMEOUT`	Command timeout in seconds	`300`

Claude Desktop Configuration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "netexec": {
      "command": "node",
      "args": ["/path/to/sec-netexec-mcp/dist/index.js"],
      "env": {
        "KALI_HOST": "your-kali-host",
        "SSH_USER": "kali",
        "SSH_KEY": "/path/to/ssh/key"
      }
    }
  }
}

Available Tools

`nxc_smb`

SMB protocol operations including enumeration, share listing, user/group/session enumeration, credential dumping (SAM, LSA, NTDS), and command execution.

`nxc_winrm`

WinRM remote management for authentication testing, cmd/PowerShell execution, and credential dumping.

`nxc_ssh`

SSH protocol for authentication testing, key-based auth, and remote command execution.

`nxc_ldap`

LDAP/Active Directory operations including user/group/computer enumeration, Kerberoasting, ASREPRoast, BloodHound collection, and trust enumeration.

`nxc_mssql`

SQL Server operations including queries, xp_cmdshell execution, and login enumeration.

`nxc_rdp`

RDP credential validation and screenshot capture.

`nxc_wmi`

WMI-based command execution on Windows targets.

`nxc_modules`

List and query available NetExec modules for each protocol.

`nxc_spray`

Password spraying with configurable options including user/password lists, jitter, and continue-on-success.

`nxc_shares`

SMB share enumeration and file operations (spider, get, put).

`nxc_raw`

Execute raw NetExec commands for advanced scenarios not covered by other tools.

`nxc_database`

Query the NetExec credential database for stored hosts and credentials.

Usage Examples

Enumerate SMB Hosts

{
  "tool": "nxc_smb",
  "arguments": {
    "target": "192.168.1.0/24"
  }
}

List Shares with Credentials

{
  "tool": "nxc_smb",
  "arguments": {
    "target": "192.168.1.10",
    "username": "admin",
    "password": "P@ssw0rd",
    "domain": "CORP",
    "action": "shares"
  }
}

Pass-the-Hash Attack

{
  "tool": "nxc_smb",
  "arguments": {
    "target": "192.168.1.10",
    "username": "admin",
    "hash": "aad3b435b51404eeaad3b435b51404ee:5fbc3d5fec8206a30f4b6c473d68ae76",
    "domain": "CORP",
    "action": "shares"
  }
}

Password Spray

{
  "tool": "nxc_spray",
  "arguments": {
    "protocol": "smb",
    "target": "192.168.1.0/24",
    "userList": "/tmp/users.txt",
    "password": "Summer2024!",
    "domain": "CORP",
    "continueOnSuccess": true
  }
}

BloodHound Collection

{
  "tool": "nxc_ldap",
  "arguments": {
    "target": "dc01.corp.local",
    "username": "user",
    "password": "password",
    "domain": "CORP",
    "action": "bloodhound",
    "bloodhoundCollection": "All"
  }
}

Dump NTDS from Domain Controller

{
  "tool": "nxc_smb",
  "arguments": {
    "target": "dc01.corp.local",
    "username": "admin",
    "password": "P@ssw0rd",
    "domain": "CORP",
    "action": "ntds"
  }
}

Security Considerations

This tool is intended for authorized security testing only. Always ensure you have:

Written authorization to test target systems
Proper scope definition for penetration testing engagements
Compliance with applicable laws and regulations

Never use this tool against systems you do not have explicit permission to test.

Development

# Watch mode for development
npm run dev

# Build for production
npm run build

# Start the server
npm start

Architecture

┌─────────────────┐     ┌──────────────────┐     ┌────────────────┐
│   AI Assistant  │────▶│  NetExec MCP     │────▶│  Kali Linux    │
│  (Claude, etc.) │     │  Server (Node.js)│ SSH │  (nxc)         │
└─────────────────┘     └──────────────────┘     └────────────────┘
                              │
                              │ stdio
                              ▼
                        ┌──────────────┐
                        │ MCP Protocol │
                        └──────────────┘

References

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This software is provided for educational and authorized security testing purposes only. The authors are not responsible for any misuse or damage caused by this program. Users are responsible for ensuring compliance with all applicable laws and regulations.

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

View all tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/schwarztim/sec-netexec-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server