
Skip-self or exclude single IP

Open L1-0 opened this issue 8 months ago • 2 comments

Please Describe The Problem To Be Solved

Currently, NetExec does not support excluding specific hosts or networks from scans. So when scanning a network during an engagement where the attacker host is present, sometimes funny things happen. Additionally this leads to scanning of potentially sensitive infrastructure.

(Optional): Suggest A Solution

Add the ability to exclude one or more IPs, hostnames or CIDRs via `--exclude HOST[, HOST]`. This could be done by tweaking the internal target generation.

Optionally add a --skip-self flag for convenience.

Detection of the local IP could be done through something like this I suppose:

```python
import socket

try:
    # A UDP "connect" sends no packets; it only asks the kernel which
    # local interface/address would be used to reach the given peer.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(("172.31.255.254", 80))
        local_ip = s.getsockname()[0]
except OSError as e:
    # No route to the peer (e.g. no network at all) ends up here.
    print(f"Failed to determine local IP: {e}")
    local_ip = None

if local_ip:
    print("Local IP:", local_ip)
```

L1-0, May 05 '25 12:05

Hi, thanks for the idea! Sounds like a good option!

As I usually would think that you would like to either always or never scan yourself, IMO a config option would be better suited for this. However, I think you should specify IP addresses when blacklisting hosts, otherwise you might run into situations where you still scan the blacklisted hosts if you have a weird DNS setup.

NeffIsBack, May 05 '25 13:05

Yes, you're probably right here, so the --skip-self flag could probably be omitted.

L1-0, May 05 '25 13:05
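The exclusion filter sketched in the issue (an `--exclude` list applied during target generation) combined with the maintainer's point that exclusions should be IP addresses or CIDRs rather than hostnames, as an added example that is not NetExec's own code; the function names and the sample target list are assumptions made for illustration.

```python
import ipaddress


def parse_exclusions(specs):
    """Parse --exclude entries (comma-separated IPs or CIDRs).

    Hostnames are rejected on purpose: an exclusion that depends on DNS
    can silently fail to match, and the host gets scanned anyway.
    """
    nets = []
    for spec in specs:
        for item in spec.split(","):
            item = item.strip()
            if not item:
                continue
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                raise ValueError(f"--exclude accepts only IPs or CIDRs, got {item!r}")
    return nets


def is_excluded(host, exclusions):
    """True if `host` is an IP literal inside any exclusion network.

    Hostnames are never matched here; they are left to the caller, which
    keeps the exclusion list free of DNS-dependent behaviour.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in exclusions)


def generate_targets(targets, exclusions):
    """Expand IPs and CIDRs into hosts, pass hostnames through, drop exclusions."""
    out = []
    for spec in targets:
        try:
            net = ipaddress.ip_network(spec, strict=False)
            # /31 and /32 have no separate network/broadcast addresses.
            candidates = list(net) if net.num_addresses <= 2 else list(net.hosts())
            hosts = [str(h) for h in candidates]
        except ValueError:
            hosts = [spec]  # a hostname, kept verbatim
        out.extend(h for h in hosts if not is_excluded(h, exclusions))
    return out


if __name__ == "__main__":
    # Constructed sample: a /29, one extra host and a hostname (not real targets).
    excl = parse_exclusions(["10.0.0.5, 10.0.0.64/26"])
    print(generate_targets(["10.0.0.0/29", "10.0.0.70", "dc01.corp.local"], excl))
```

Feeding the local IP detected by the snippet above into `parse_exclusions` gives the effect of `--skip-self` without a separate flag.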