import subprocess
import argparse
# nxc SMB module name -> (needs_creds, is_critical).
# main() unpacks each value in that order: the first flag makes it skip the
# module when no username was supplied, the second adds the [CRITICAL] tag
# to a finding in the summary. Insertion order is the scan order.
VULNS = {
    "zerologon": (False, True),
    "printnightmare": (False, True),
    "ms17-010": (False, True),
    "smbghost": (False, True),
    "petitpotam": (False, True),
    "nopac": (True, True),
    "ntlm_reflection": (True, True),
    "spooler": (True, False),
}
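def run_scan(target, user, passwd, domain, module):
    """Run one nxc SMB module against ``target`` and return its combined output.

    The command is built as an argument list and executed without a shell, so
    none of the values are interpreted by a shell. The password is still
    passed on the child's command line, where it can be read from the process
    listing for as long as the scan runs.

    Args:
        target: Host passed to ``nxc smb``.
        user: Username; when empty, an empty username and password are sent.
        passwd: Password used together with ``user``.
        domain: Optional domain, only sent when a username is given.
        module: Name of the nxc module to run (``-M``).

    Returns:
        stdout followed by stderr of the nxc run, or a string starting with
        ``"Error scanning <module>: "`` when the run failed or timed out.
        The same text is also printed.
    """
    # NOTE(review): the published listing lost its indentation; the domain
    # flag is assumed to be nested under the username branch - confirm.
    cmd = ['nxc', 'smb', target]
    if user:
        cmd += ['-u', user, '-p', passwd]
        if domain:
            cmd += ['-d', domain]
    else:
        cmd += ['-u', '', '-p', '']
    cmd += ['-M', module]

    timeout_s = 60
    try:
        # errors='replace' keeps undecodable bytes in the tool output from
        # turning a completed scan into a reported failure.
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
            errors='replace',
            timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        # str(TimeoutExpired) embeds the full argv, password included, so the
        # message is built by hand instead of formatting the exception.
        error_msg = f"Error scanning {module}: timed out after {timeout_s} seconds"
        print(error_msg)
        return error_msg
    except Exception as e:
        # Best-effort by design: a missing nxc binary or similar failure is
        # reported as text so the remaining modules still run.
        error_msg = f"Error scanning {module}: {e}"
        print(error_msg)
        return error_msg

    output = result.stdout + result.stderr
    print(output)
    return output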
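def main():
    """Run every module in VULNS against one target and print a summary.

    Modules whose VULNS entry requires credentials are skipped when no
    username was given. A module is reported as vulnerable when its output
    contains the word "VULNERABLE" (case-insensitive). A run that failed or
    produced no output is listed as inconclusive rather than as not
    vulnerable, because it gives no evidence either way.
    """
    parser = argparse.ArgumentParser(description='NXC Vulnerability Scanner')
    parser.add_argument('-t', '--target', required=True, help='Target IP')
    parser.add_argument('-u', '--username', default='', help='Username')
    # A password given with -p ends up in shell history and in the process
    # listing of this script and of the nxc child it starts.
    parser.add_argument('-p', '--password', default='', help='Password')
    parser.add_argument('-d', '--domain', default='', help='Domain')
    args = parser.parse_args()

    print(f"\n[*] Scanning {args.target}\n")
    vulnerable = []
    safe = []
    inconclusive = []  # (module, reason) pairs: checks with no usable result

    for module, (needs_creds, is_critical) in VULNS.items():
        if needs_creds and not args.username:
            print(f"[!] Skipping {module} - needs credentials\n")
            inconclusive.append((module, "skipped, needs credentials"))
            continue
        print(f"[*] Checking {module}...")
        # run_scan() already prints the tool output; printing it again here
        # duplicated every module's output.
        output = run_scan(args.target, args.username, args.password, args.domain, module)
        if output.startswith("Error scanning "):
            inconclusive.append((module, "scan failed"))
        elif not output.strip():
            inconclusive.append((module, "no output"))
        # NOTE(review): a plain substring match also fires on wording such as
        # "not vulnerable"; confirm each finding against the module output.
        elif 'VULNERABLE' in output.upper():
            vulnerable.append((module, is_critical))
        else:
            safe.append(module)
        print()

    print("=========================================================================================================================================================================================")
    if vulnerable:
        print(f"\n[!] FOUND {len(vulnerable)} VULNERABILITY(IES):\n")
        for mod, crit in vulnerable:
            tag = " [CRITICAL]" if crit else ""
            print(f" - {mod}{tag}")
    else:
        print("\n[+] No vulnerabilities found")
    if safe:
        print("\n[+] NOT VULNERABLE:")
        for mod in safe:
            print(f" - {mod}")
    if inconclusive:
        print("\n[?] INCONCLUSIVE (re-run or verify manually):")
        for mod, reason in inconclusive:
            print(f" - {mod} ({reason})")
    print("==================================================================================================================================================================================================")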
# Run the scanner only when executed as a script, not when imported.
if __name__ == "__main__":
    main()