EvilNFSClient

Built with the tools and technologies:

A modern, fast, and pentester-friendly NFS client built for red teams, security researchers, and anyone who wants full control over remote NFS exports — without needing to mount them.

Repository: github.com/AnvithLobo/EvilNFSClient

📑 Table of Contents

• 📑 Table of Contents
• 🚀 What it does
• ⚡ Quick start
  • 🔧 Build from source
  • 📥 Download binaries
• 🧰 Features
  • 🌐 Remote NFS operations
  • 💻 Local operations (prefix l)
  • 🎛️ Session control
• 📘 Commands (high level)
  • 🔎 Navigation
  • 📤 Upload
  • 📥 Download
  • 📦 Multi-file
  • 🗂 Directory mgmt
  • 💻 Local commands
• 🧪 Examples
• 🔐 Permissions & SUID/SGID Notes
  • Priv-Esc scenario
• 📦 Installation
  • 🛠 Prerequisites
  • 🔨 Build
• ⚙️ Usage & options
• 💡 Tips & behavior
• 📌 Project Roadmap
• ⚠️ Disclaimer
• 👤 Author
• 📄 License

🚀 What it does

EvilNFSClient is a TUI-powered, and powerful NFS client designed for offensive security workflows and regular use.

Use it as:

• A post-exploitation helper
• A privilege escalation tool
• A standalone NFS file manager (no mount needed!)
• A fast recursive uploader/downloader

✨ Features at a glance:

• Full file manipulation (read, write, delete)
• Upload/download directories with -r
• Set SUID/SGID/Sticky bit permissions
• Interactive shell with history + scrolling

⚡ Quick start

🔧 Build from source

git clone https://github.com/AnvithLobo/EvilNFSClient
cd EvilNFSClient
go build -o evilnfsclient
./evilnfsclient <server-ip> <export-path>

📥 Download binaries

➡️ Pre-built releases: https://github.com/AnvithLobo/EvilNFSClient/releases

🧰 Features

🌐 Remote NFS operations

• ls [path] — colorized directory listing
• cd <path> — switch directories
• tree [path] — recursive view
• get [-r] <remote> [<local>] — download
• mget <pattern> [<dest_dir>] — multi-download
• put [-r] <local> [<remote>] — upload
• mput <pattern> [<dest_path>] — multi-upload
• rm [-r] <path> — delete files/folders
• mkdir [-p] <path> — create directories
• chmod <mode> <file> — permission editing w/ SUID/SGID

💻 Local operations (prefix l)

• lls [path], lcd <path>, lmkdir [-p] <path>

🎛️ Session control

• help → show commands
• Arrow keys → history
• PgUp/PgDn → scroll
• Ctrl + C, exit, quit → exit

📘 Commands (high level)

🔎 Navigation

nfs> ls
nfs> cd public
nfs> tree

📤 Upload

nfs> put /tmp/shell.sh payload.sh
nfs> put -r ./tools /shared/tools

📥 Download

nfs> get payload.sh ./downloaded.sh
nfs> get -r /shared/sensitive /tmp/data

📦 Multi-file

nfs> mget *.log ./logs/
nfs> mput /tmp/*.elf /shared/payloads/

🗂 Directory mgmt

nfs> mkdir -p /shared/a/b/c
nfs> rm -r /shared/old_stuff

💻 Local commands

nfs> lcd /tmp
nfs> lmkdir -p workspace/subdir
nfs> lls

🧪 Examples

# Connect to NFS server with the export /shared
./evilnfsclient 192.168.1.100 /shared
# List available NFS exports on the server
./evilnfsclient --list 192.168.1.100
# Connect with overridden UID and GID
./evilnfsclient 192.168.1.100 /shared --uid 0 --gid 0
# Run a single command non-interactively
./evilnfsclient 192.168.1.100 /shared -c "ls /"

🔐 Permissions & SUID/SGID Notes

Supported modes include full SUID, SGID, and sticky bit manipulation.

Examples:

• chmod 4755 file → SUID
• chmod 2755 file → SGID
• chmod 6777 file → SUID + SGID

Priv-Esc scenario

nfs> put ./shell /shared/shell
nfs> chmod 6755 /shared/shell

Then on the target:

/shared/shell

⚠️ Whether the target honors SUID/SGID over NFS depends on mount + OS settings.

📦 Installation

🛠 Prerequisites

• Go 1.24.x+
• Access to NFS server/export

🔨 Build

git clone https://github.com/AnvithLobo/EvilNFSClient
cd EvilNFSClient
go build -o evilnfsclient

⚙️ Usage & options

./evilnfsclient <server> <export> [options]

Options:

• --uid <uid> — override UID
• --gid <gid> — override GID
• -c <cmd> — run command (non-interactive)

💡 Tips & behavior

• Remote paths → resolved against remote CWD
• Local paths → resolved against local CWD
• ~ expansion supported
• PgUp/PgDn scrolls output
• Use -r with caution (recursive delete!)

📌 Project Roadmap

• Task 1: General NFS Commands.
• Task 2: List NFS Exports.
• Task 3: Check for Root File System Escape.

⚠️ Disclaimer

This tool is intended strictly for authorized security testing and penetration testing. Unauthorized access to computer systems, networks, or data is illegal. Use EvilNFSClient only on systems you own or for which you have explicit permission.

By using this software you accept responsibility for your actions.

👤 Author

Anvith Lobo — https://github.com/AnvithLobo

📄 License

See LICENSE for details.

✨ Built for red teamers and power users who need full control over NFS exports.