SMB: add optional share report output under --shares

[Dovendyrr]

Description

Adds SMB share reporting enhancements under --shares so NetExec can generate aggregated share reports without requiring a separate standalone action.

AI Usage Disclosure

• AI tool(s) used: ChatGPT Codex (GPT-5)
• AI-assisted scope:
  • design iteration for CLI/report UX
  • implementation support for reporting and HTML filtering logic
  • drafting/refinement of contribution text
• Human verification performed:
  • reviewed and edited all generated code and text
  • ran lint checks (ruff) on changed files
  • manually validated behavior in local SMB test environment

Implemented

• Added --shares-output [path] as an optional output switch tied to --shares
• Added --shares-output-format {markdown,json,html}
• Added --shares-output-high-risk <names...>
• Added report engine in nxc/protocols/smb/share_report.py
• Integrated report generation into SMB share enumeration flow in nxc/protocols/smb.py
• Added host-aware keying (host:port) to avoid localhost multi-port overwrite collisions
• Added enhanced HTML report UX:
  • Summary cards
  • Share pivot (click share -> see hosts)
  • Host breakdown collapsibles
  • Detailed shares host dropdown filter

Files changed

• nxc/protocols/smb/proto_args.py
• nxc/protocols/smb.py
• nxc/protocols/smb/share_report.py (new)
• tests/test_smb_share_report.py (new)

Type of change

• New feature (non-breaking change)
• Refactor (CLI behavior: reporting now option under --shares)
• Test updates

Setup guide for the review

1. Run SMB share enumeration with report output:

   nxc smb <targets> -u <user> -p <pass> \
     --shares \
     --shares-output /tmp/smb_report \
     --shares-output-format html

2. Validate output behavior:

• Summary renders host/share/read/write/high-risk totals
• Share Pivot section allows clicking a share name to display affected hosts
• Host Breakdown section shows per-host share details
• Detailed Shares dropdown filters rows by host

3. Optional high-risk tuning:

   nxc smb <targets> -u <user> -p <pass> \
     --shares \
     --shares-output /tmp/smb_report \
     --shares-output-format html \
     --shares-output-high-risk c$ admin$ wwwroot inetpub backups

4. Validation commands used:

   /Users/safetynet/Tools/contributions/venv/bin/ruff check --isolated \
     nxc/protocols/smb.py \
     nxc/protocols/smb/proto_args.py \
     nxc/protocols/smb/share_report.py \
     tests/test_smb_share_report.py

Checklist

• I have performed a self-review of my own code
• I have added or updated tests where appropriate
• Ruff lint checks pass for changed files
• Existing --shares behavior remains functional
• Help text and usage flow were updated to match CLI behavior
• AI usage is fully disclosed (tool/model/scope)

[NeffIsBack]

Hi and thanks for the PR.

This looks highly AI generated. What parts were done by you? As per the template:

If you have used AI in any form, please state the tool you used (e.g. Claude Code, Cursor, Amp) along with the extent that the work was AI-assisted. See the project's AI policy for more details: https://github.com/Pennyw0rth/NetExec/blob/main/AI_POLICY.md

Second thing, i don't really understand what the benefit of adding such a report is. What is a "high risk" share? And what does this functionality provide what isn't already provided by nxc or the nxcdb?

[Dovendyrr]

Hey NeffIsBack, Ah thanks for sharing the AI policy, will update the body of my PR accordingly, first time attempting to contribute on github so getting the hang of things. This was vibed for sure (not the most knowledgable, wanting to change this however and learn to code better!), I had used Codex 5.3 and majority of the changes were done by it, with some minor tweaks I did where it would overwrite data due to ingesting based off of the host only, so when doing a test on my localhost with numerous ports it would only ingest the latest scan. As to your second point, the reason for the PR is when doing an internal obviously NXC is at the forefront of the tools being used, but when it comes to SMB share enum I feel its a bit lacking. I would then tend to use something like PowerHuntShares. In my case I'd honestly rather have this functionality within NXC itself. In it's current form all its done is make better formatting output for pentest reports, it also aggregates so if I scan multiple hosts and output to the same file it will be contained within it. I'd like to work with actual smart people (lol) on this to maybe make it better in the sense of doing light "spidering" to try and get "juicy" files, although this gets done manually anyways so its maybe not that high of a priority. High risk shares can also be changed within the context of the assessment, but I'd say if a low level user had access to Admin$ or C$ due to a misconfiguration of adding authenticated users to local admins group for example, then those would be high risk. Happy to hear your opinions on this, if using AI for the majority isn't really accepted then I understand that too! Gives me a project to work toward then, just wanted to add something to the tool that makes the general internal (and reporting) experience more streamlined :D

[NeffIsBack]

first time attempting to contribute on github so getting the
hang of things.

Welcome to the Open Source world then :)

This was vibed for sure (not the most knowledgable, wanting
to change this however and learn to code better!), I had used Codex 5.3 and
majority of the changes were done by it, with some minor tweaks I did where
it would overwrite data due to ingesting based off of the host only

So i know everyone is screaming "Do everything with AI" right now, but if you want my opinion (yes you didn't ask, but i give it to you anyway lol) learning how to code is better done without AI or at least not with prompting. AI tends to produce a lot of bloat and that can be seen in this code as well. Also, using prompts to generate code often skips the step where you need to think about the structure of the solution, which is one of the most important parts of coding.

The problem with AI generated code is that the code needs heavy reviewing and the bloat consumes a lot of time to trim down. In addition, AI most often does not respect the structure of a project and just places the code somewhere into existing functionality, where it does not make a lot of sense. So all in all, I don't think this will be merged in the current state. We do have spidering as you said as well as the nxcdb that contains and is able to export this kind of information. Not as HTML, but as CSV. We should first have a discussion what exactly is needed and where and in which form we would integrate it. For this a feature request issue would likely be better suited than a PR.

[Dovendyrr]

Thank you for taking the time to respond! I get your point and this has made me go back to the drawing board, I do still think there is some value to be added, and its important for me to do this the right way! After I get some clear direction I'll be sure to open a feature request. Thanks again o7

…

On Sat, 21 Mar 2026, 12:00 Alex, ***@***.***> wrote: *NeffIsBack* left a comment (Pennyw0rth/NetExec#1167) <#1167 (comment)> first time attempting to contribute on github so getting the hang of things. Welcome to the Open Source world then :) This was vibed for sure (not the most knowledgable, wanting to change this however and learn to code better!), I had used Codex 5.3 and majority of the changes were done by it, with some minor tweaks I did where it would overwrite data due to ingesting based off of the host only So i know everyone is screaming "Do everything with AI" right now, but if you want my opinion (yes you didn't ask, but i give it to you anyway lol) learning how to code is better done without AI or at least not with prompting. AI tends to produce a lot of bloat and that can be seen in this code as well. Also, using prompts to generate code often skips the step where you need to think about the structure of the solution, which is one of the most important parts of coding. The problem with AI generated code is that the code needs heavy reviewing and the bloat consumes a lot of time to trim down. In addition, AI most often does not respect the structure of a project and just places the code somewhere into existing functionality, where it does not make a lot of sense. So all in all, I don't think this will be merged in the current state. We do have spidering as you said as well as the nxcdb that contains and is able to export this kind of information. Not as HTML, but as CSV. We should first have a discussion what exactly is needed and where and in which form we would integrate it. For this a feature request issue would likely be better suited than a PR. — Reply to this email directly, view it on GitHub <#1167?email_source=notifications&email_token=BHKB3B6PN6Y5MGYM5ELVGFT4RZR23A5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIMJQGI4TQMJWGU22M4TFMFZW63VGMF2XI2DPOKSWK5TFNZ2KYZTPN52GK4S7MNWGSY3L#issuecomment-4102981655>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BHKB3B6WGBZRK7KWLQQILAL4RZR23AVCNFSM6AAAAACWZJXL5OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DCMBSHE4DCNRVGU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[NeffIsBack]

Sounds good! What would be your goal? I guess an HTML, but what should that contain? Are write/read privs enough data or do you want/need something else?

My initial intuition would be to use the data from the nxcdb since it is already stored in there when enumerating shares (and prone to changes for future data collection). We also already have some kind of export functionality for a csv and iirc text format that could be extended.