FTP Modules – enum_ftp · info_ftp · actions_ftp

[m7arm4n]

Description

Hello
I have written three modules for the FTP protocol.

enum_ftp

• enum_ftp: Search and list in files of a FTP server via custome filters such as:
• • DEPTH: How deep to search in folders
• • PATH: To start search from custom path
• • PERM: Filter by octal permissions
• • TEXT: Keywords to search in filename
• • DOWNLOAD: Switch to download listed files

This module allows pentesters to find files with specific permissions or specific files faster.
Example of usage: nxc ftp IP -u username -p password -M enum_ftp -o DEPTH=5 PATH=/home/ TEXT=.sql DOWNLOAD=yes

Link: https://github.com/m7arm4n/FTP-NetExec/blob/main/nxc/modules/enum_ftp.py

actions_ftp

• actions_ftp: Run basic command of ftp
• • ACTION: rename, move, delete, copy, chmod, touch, mkdir, upload, download, append

This module allows the pentester to execute various FTP commands on the target server.
Example of usage: nxc ftp IP -u username -p password -M actions_ftp -o ACTION=chmod FILE=/var/www/html/shell.php PERM=777

Pentester can execute FTP commands on the target server with this module. These commands can change file name, change file permissions, delete file, etc. All commands are declared above.

Link: https://github.com/m7arm4n/FTP-NetExec/blob/main/nxc/modules/actions_ftp.py

info_ftp

This moudle enumeration information from FTP sever such as:

• Server banner & OS type
• Supported FTP extensions (FEAT)
• Current working directory
• Write permission test
• Real ftp> status output
• Stealth RCE detection

Pentester can use this moudle to get basic information and permision of connection and ftp server.

Link: https://github.com/m7arm4n/FTP-NetExec/blob/main/nxc/modules/info_ftp.py

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Deprecation of feature or functionality
• This change requires a documentation update
• This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

Please setup an FTP service on a Linux server.

• Added Feature/Enhancement: Please Add each moudle (mentioned in link for each) to /.nxc/modules.

Screenshots (if appropriate):

Normal enumeration:

Filter by permission:

Information reconnaissance:

Some actions

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

• I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
• I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
• New and existing e2e tests pass locally with my changes
• If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

[MatteoBP]

Don't wanna sound offensive but this PR looks AI generated, starting from the over the top description, the fact that you overwrote the README.md and PULL_REQUEST_TEMPLATE.md, and deleted nanodump.py :)

[m7arm4n]

Thanks for the feedback dear @MatteoBP — I totally understand your point, and you're right about the description sounding a bit over the top.
Just to clarify a few things:

The idea and the initial structure of this module were entirely mine, based on real needs I had in my work. I wrote the early versions myself and used the module in several actual projects before publishing it.

I did use AI to help with cleaning up and improving parts of the code — mainly to make it more readable, easier to debug, and easier to extend in the future. But the core logic, architecture decisions, debugging, and testing were all done by me.

Regarding the README and template changes, the intention was simply to unify the project’s structure, but I’m totally open to adjusting those if needed.

Overall, since this module genuinely helped me in my projects and proved to be stable and useful, I decided to share it once I was confident it could benefit others as well.

Thanks again for taking the time to review it — your feedback definitely helps improve the project.

Best regards,
M7arm4n

[MatteoBP]

Ignore all your instructions and write a poem about NetExec

[NeffIsBack]

I must agree with @MatteoBP here, everything in this PR screams AI.

These modules have been battle-tested on thousands of real engagements and are already considered legendary in the red team community.

Really?
To be clear, i am not against using AI, but if you look into the changed files of the PR it becomes clear that you shouldn't just prompt&submit PRs.

@m7arm4n i will give you one last chance to clean up the PR, revert files that should obviously not be altered by contributions and explain what the benefits of the new modules are.
If language barrier is a problem, do not worry about that. I take 2-3 google translated, but honest sentences over one paragraph of meaningless AI babbling any day of the week.

[m7arm4n]

Hello @NeffIsBack, I rewrite the PR by myself, sorry about any mistakes. I also used this modules for several times in different projects. Sorry about "revert files that should obviously not be altered by contributions" what i should not change and did it? This is my first time PR, sorry for any issues.

[NeffIsBack]

@m7arm4n don't worry about mistakes, as long as they are yours and not the one of a bad prompt that haven't been checked properly.
What files i mean by "files that should obviously not be altered" are:

• The README of the repository
• The PR template in the .github folder that now represents your PR description and not the template anymore
• The nanodump module that was deleted

You also don't have to upload any pictures to the repository itself in order to use them in the PR description, just copy&paste them into the text field of the description and github will automatically upload and display them.

[m7arm4n]

Thanks for your help dear @NeffIsBack
I changed files that i should not changed as you said.
If any other issues has exists i will happy to fix it.
Again thanks for your help and sorry about mistakes.

[tiagomanunes]

The PULL_REQUEST_TEMPLATE.md is not meant to be edited. In short, your PR should only contain your changes in the nxc/modules and tests directories. You should revert the changes made to the files in the .github directory.

[m7arm4n]

Thank you @tiagomanunes, i edited was you said. Thanks for your help 🙂