-
-
Notifications
You must be signed in to change notification settings - Fork 1
Troubleshooting & FAQ
This page outlines common issues, known limitations, and OS compatibility considerations when using NetSentinel in red team environments or internal assessments.
Cause: You used --kerberos-scan but did not provide required domain information.
Fix:
- Ensure
utils/config.jsonexists with all required fields (domain,username,password,dc_ip) - Or set the following environment variables:
export NetSentinel_DOMAIN=corp.local
export NetSentinel_USER=lowpriv
export NetSentinel_PASS='Spring2025!'
export NetSentinel_DC=10.0.0.5Cause: The impacket library is missing.
Fix:
pip install impacketIf using a virtual environment, ensure you're inside it before running the tool.
Cause: The subnet may not have PTR records, or reverse lookups are blocked.
Fix:
- Try running without
--resolve-hostnames - Consider DNS brute-force if authorized, but this is not currently part of NetSentinel’s scope
Cause: Ports 139/445 may be firewalled, or hosts require authentication.
Fix:
- Verify access to target ports with
telnetornc - Use packet captures to confirm SMB negotiation attempts
- Authenticated SMB support is not yet implemented
Cause: Scanning is limited to local subnet ARP by default (in stealth mode).
Fix:
- Ensure you're in the same Layer 2 segment as the target range
- For routed networks, consider extending
recon.pyto use ICMP or TCP-based discovery - Run
--scan-type fullwhen aggressive scanning is implemented
NetSentinel prioritizes stealth and modularity. Some limitations are by design, while others are in-progress improvements.
| Limitation | Status | Notes |
|---|---|---|
| No remote ICMP/TCP discovery | Partial | ARP only in stealth mode |
| No authenticated SMB scan | Not implemented | Only anonymous share enumeration supported |
| No LDAP querying | Not implemented | Kerberos-only for now |
| No GUI or web dashboard | Not planned | CLI only by design |
| No parallel threading | Minimal | Serial logic for predictability |
| Windows support (partial) | Limited | Built/tested primarily on Linux |
| OS | Status | Notes |
|---|---|---|
| Kali Linux | ✅ Supported | Primary dev environment |
| Ubuntu / Debian | ✅ Supported | Tested on 20.04+ |
| Arch / Manjaro | ✅ Supported | Ensure required packages installed |
| macOS | May require interface tweaks (e.g. en0) |
|
| Windows 10/11 (WSL) | SMB/Kerberos may behave unpredictably | |
| Native Windows | ❌ Unsupported | Not supported/tested natively |
-
scapymay require elevated privileges to send ARP packets -
impacketKerberos modules rely on Python 3.7+ compatibility - WSL support may be limited due to lack of full Layer 2/3 networking stack access
A: Only if you have written authorization under clearly defined Rules of Engagement. This tool is for lawful red team and pentesting use only.
A: No. NetSentinel performs reconnaissance only. It does not include any offensive modules or exploit payloads.
A: Only with modifications. The default recon mode relies on ARP, which is local to the Layer 2 segment. You may add ICMP or TCP scanning in recon.py if your RoE allows it.
A: See the Creating New Modules wiki page for a full guide. All modules follow the same interface and structure.
A: By default, no — logging is console-only. You can modify logger.py to add file output if required for audits or automation.
If you're encountering persistent issues, feel free to:
- Open an issue
- Include your platform, Python version, and console output
- Indicate if you're using a virtual environment
This project is under active development. If you’d like to request a feature or report a bug, use the GitHub Issues tab with as much detail as possible.