CrackMapExec Executor
Category: Pentesting
Script: crackmapexec.py
Integration: CLI
Faraday Plugin: Raw JSON (no plugin — generates Faraday JSON directly)
Website: byt3bl33d3r/CrackMapExec
Description
Runs CrackMapExec against a /24 network range using the SMB protocol. Parses stdout to extract host information, operating systems, SMB signing status, and credential validation results. Optionally supports Meterpreter injection via the met_inject module.
Prerequisites
- CrackMapExec installed and available in `$PATH`
- Verify: `crackmapexec --version`
Configuration
Environment Variables (Setup)
(none required)
Execution Arguments
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| `CRACKMAPEXEC_IP` | ip | Yes | Target IP address (the executor scans the entire /24 subnet) |
| `CRACKMAPEXEC_USER` | string | No | SMB username for authentication testing |
| `CRACKMAPEXEC_PASS` | password | No | SMB password for authentication testing |
| `CRACKMAPEXEC_LHOST` | string | No | Local handler host IP (for Meterpreter injection) |
| `CRACKMAPEXEC_LPORT` | integer | No | Local handler port (for Meterpreter injection) |
YAML Configuration Example
```yaml
executors:
  cme_scan:
    repo_executor: crackmapexec.py
    max_size: 65536
    varenvs: {}
    params:
      CRACKMAPEXEC_IP:
        mandatory: true
        type: ip
        base: string
      CRACKMAPEXEC_USER:
        mandatory: false
        type: string
        base: string
      CRACKMAPEXEC_PASS:
        mandatory: false
        type: password
        base: string
```
How It Works
- Runs `crackmapexec smb <ip>/24` (with optional `-u <user> -p <pass>` for auth testing)
- If `LHOST` and `LPORT` are provided, adds `--local-auth -M met_inject -o LHOST=<ip> LPORT=<port>`
- Parses stdout line-by-line to extract:
  - Host IPs and hostnames
  - Operating system versions
  - SMB signing status
  - Credential validation results
- Constructs Faraday JSON with hosts, services (SMB/445), and credentials
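
The stdout-parsing step described above, sketched as an added example (it is not the code of `crackmapexec.py`). The line layout, the sample lines, the hypothetical function names `parse_cme_smb` and `signing_not_required`, and the output dictionary are assumptions; the dictionary is a simplified stand-in, not Faraday's exact JSON schema.

```python
import re

# Constructed sample of CrackMapExec SMB stdout (layout assumed, not from a real run).
SAMPLE = """\
SMB         10.0.5.10   445    DC01      [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:corp.local) (signing:True) (SMBv1:False)
SMB         10.0.5.23   445    FILE02    [*] Windows Server 2012 R2 Standard 9600 x64 (name:FILE02) (domain:corp.local) (signing:False) (SMBv1:True)
SMB         10.0.5.23   445    FILE02    \x1b[32m[+]\x1b[0m corp.local\\auditor:<redacted>
SMB         10.0.5.10   445    DC01      [-] corp.local\\auditor:<redacted> STATUS_LOGON_FAILURE
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes the tool writes to a terminal
LINE = re.compile(r"^SMB\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<port>\d+)\s+(?P<name>\S+)"
                  r"\s+\[(?P<tag>[*+-])\]\s+(?P<msg>.*)$")
BANNER = re.compile(r"^(?P<os>.*?)\s+\(name:[^)]*\)\s+\(domain:[^)]*\)"
                    r"\s+\(signing:(?P<signing>True|False)\)")
CRED = re.compile(r"^(?P<domain>[^\\]+)\\(?P<user>[^:]+):")

def parse_cme_smb(stdout):
    """Group per-line results by host IP; the password field is never stored."""
    hosts = {}
    for raw in stdout.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m:
            continue  # module chatter, blank lines, other protocols
        host = hosts.setdefault(m["ip"], {
            "ip": m["ip"], "hostnames": [m["name"]], "os": "unknown",
            "services": [{"name": "smb", "protocol": "tcp", "port": int(m["port"])}],
            "smb_signing": None, "logins": []})
        if m["tag"] == "*":  # host banner line: OS and signing flag
            b = BANNER.match(m["msg"])
            if b:
                host["os"] = b["os"]
                host["smb_signing"] = b["signing"] == "True"
        else:  # [+] accepted login, [-] rejected login
            c = CRED.match(m["msg"])
            if c:
                host["logins"].append({"domain": c["domain"], "user": c["user"],
                                       "valid": m["tag"] == "+"})
    return {"hosts": list(hosts.values())}

def signing_not_required(report):
    """IPs whose banner reported signing:False (candidates for a relay finding)."""
    return sorted(h["ip"] for h in report["hosts"] if h["smb_signing"] is False)

if __name__ == "__main__":
    import json
    print(json.dumps(parse_cme_smb(SAMPLE), indent=2))
```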
Notes
- The executor always scans the full /24 subnet of the provided IP
- Meterpreter injection (`met_inject`) requires a running Metasploit handler
- Use this executor only in authorized pentesting engagements