diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 875b9a22c8c4..448c34f1e0f7 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -19612,7 +19612,15 @@
     githubId = 13259982;
     name = "Vanessa McHale";
   };
-
+  vncsb = {
+    email = "viniciusbernardino1@hotmail.com";
+    github = "vncsb";
+    githubId = 19562240;
+    name = "Vinicius Bernardino";
+    keys = [{
+      fingerprint = "F0D3 920C 722A 541F 0CCD  66E3 A7BA BA05 3D78 E7CA";
+    }];
+  };
   voidless = {
     email = "julius.schmitt@yahoo.de";
     github = "voidIess";
diff --git a/pkgs/tools/security/bloodhound-py/default.nix b/pkgs/development/python-modules/bloodhound-py/default.nix
similarity index 59%
rename from pkgs/tools/security/bloodhound-py/default.nix
rename to pkgs/development/python-modules/bloodhound-py/default.nix
index 197be429bee9..8d2c8e3ad444 100644
--- a/pkgs/tools/security/bloodhound-py/default.nix
+++ b/pkgs/development/python-modules/bloodhound-py/default.nix
@@ -2,15 +2,14 @@
 , fetchPypi
 , python3
 }:
-
-python3.pkgs.buildPythonApplication rec {
+python3.pkgs.buildPythonPackage rec {
   pname = "bloodhound-py";
-  version = "1.6.1";
+  version = "1.7.1";
 
   src = fetchPypi {
     inherit version;
     pname = "bloodhound";
-    hash = "sha256-SRP74I5euKJErnSkm6OSdAwznv/ZQeEtNG4XofnIEec=";
+    hash = "sha256-BryByUo9FCSrrJgXoXoVPBjpmh32I0xRoeKBsYj8nSE=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
@@ -23,8 +22,8 @@ python3.pkgs.buildPythonApplication rec {
   doCheck = false;
 
   meta = with lib; {
-    description = "Ingestor for BloodHound";
-    homepage = "https://github.com/fox-it/BloodHound.py";
+    description = "Python based ingestor for BloodHound, based on Impacket.";
+    homepage = "https://github.com/dirkjanm/BloodHound.py";
     license = licenses.mit;
     maintainers = with maintainers; [ exploitoverload ];
   };
diff --git a/pkgs/tools/security/netexec/default.nix b/pkgs/tools/security/netexec/default.nix
new file mode 100644
index 000000000000..d5925365a87a
--- /dev/null
+++ b/pkgs/tools/security/netexec/default.nix
@@ -0,0 +1,172 @@
+{ lib
+, fetchFromGitHub
+, python3
+, buildPythonPackage
+, fetchPypi
+}:
+let
+  python = python3.override {
+    packageOverrides = self: super: {
+      impacket = super.impacket.overridePythonAttrs {
+        version = "0.12.0.dev1";
+        src = fetchFromGitHub {
+          owner = "Pennyw0rth";
+          repo = "impacket";
+          rev = "d370e6359a410063b2c9c68f6572c3b5fb178a38";
+          hash = "sha256-Jozn4lKAnLQ2I53+bx0mFY++OH5P4KyqVmrS5XJUY3E=";
+        };
+      };
+      bloodhound-py = super.bloodhound-py.overridePythonAttrs (old: {
+        propagatedBuildInputs =
+          lib.lists.remove super.impacket old.propagatedBuildInputs
+          ++ [ self.impacket ];
+      });
+    };
+  };
+
+  python-easyconfig = buildPythonPackage rec {
+    pname = "python-easyconfig";
+    version = "0.1.7";
+    src = fetchPypi {
+      inherit version;
+      pname = "Python-EasyConfig";
+      hash = "sha256-tUjxmrhQtVFU9hFi8xTj27J24R47JpUbio+gaDwGuyk=";
+    };
+    propagatedBuildInputs = with python.pkgs; [
+      six
+      pyyaml
+    ];
+  };
+
+  jsonform = buildPythonPackage rec {
+    pname = "jsonform";
+    version = "0.0.2";
+    doCheck = false;
+    src = fetchPypi {
+      inherit version;
+      pname = "JsonForm";
+      hash = "sha256-cfi3ohU44wyphLad3gTwKYDNbNwhg6GKp8oC2VCZiOY=";
+    };
+    propagatedBuildInputs = with python.pkgs; [
+      jsonschema
+    ];
+  };
+
+  jsonsir = buildPythonPackage rec {
+    pname = "jsonsir";
+    version = "0.0.2";
+    doCheck = false;
+    src = fetchPypi {
+      inherit version;
+      pname = "JsonSir";
+      hash = "sha256-QBRHxekx94h4Uc6b8kB/401aqwsUZ7sku787dg5b0/s=";
+    };
+  };
+
+  dploot = buildPythonPackage rec {
+    pname = "dploot";
+    version = "2.2.4";
+    pyproject = true;
+    src = fetchPypi {
+      inherit pname version;
+      hash = "sha256-40/5KOlEFvPL9ohCfR3kqoikpKFfJO22MToq3GhamKM=";
+    };
+    nativeBuildInputs = with python.pkgs; [
+      poetry-core
+    ];
+    propagatedBuildInputs = with python.pkgs; [
+      impacket
+      cryptography
+      pyasn1
+      lxml
+    ];
+  };
+
+  resource = buildPythonPackage rec {
+    pname = "resource";
+    version = "0.2.1";
+    doCheck = false;
+    src = fetchPypi {
+      inherit version;
+      pname = "Resource";
+      hash = "sha256-mDVKvY7+c9WhDyEJnYC774Xs7ffKIqQW/yAlClGs2RY=";
+    };
+    propagatedBuildInputs = with python.pkgs; [
+      python-easyconfig
+      jsonform
+      jsonsir
+    ];
+  };
+in
+python.pkgs.buildPythonApplication rec {
+  pname = "netexec";
+  version = "1.1.0";
+  pyproject = true;
+  doCheck = true;
+  pythonRelaxDeps = true;
+
+  src = fetchFromGitHub {
+    owner = "Pennyw0rth";
+    repo = "NetExec";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-cNkZoIdfrKs5ZvHGKGBybCWGwA6C4rqjCOEM+pX70S8=";
+  };
+
+  nativeBuildInputs = with python.pkgs; [
+    poetry-core
+    pythonRelaxDepsHook
+  ];
+
+  propagatedBuildInputs = with python.pkgs; [
+    requests
+    beautifulsoup4
+    lsassy
+    termcolor
+    msgpack
+    neo4j
+    pylnk3
+    pypsrp
+    paramiko
+    impacket
+    dsinternals
+    xmltodict
+    terminaltables
+    aioconsole
+    pywerview
+    minikerberos
+    pypykatz
+    aardwolf
+    dploot
+    bloodhound-py
+    asyauth
+    masky
+    sqlalchemy
+    aiosqlite
+    pyasn1-modules
+    rich
+    python-libnmap
+    resource
+    oscrypto
+  ];
+
+  nativeCheckInputs = with python.pkgs; [
+    pytest
+  ];
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace '{ git = "https://github.com/Pennyw0rth/impacket.git", branch = "gkdi" }' '"*"'
+
+    substituteInPlace pyproject.toml \
+      --replace '{ git = "https://github.com/Pennyw0rth/oscrypto" }' '"*"'
+  '';
+
+  meta = with lib; {
+    description = "Network service exploitation tool (Maintaned fork of CrackMapExec)";
+    homepage = "https://github.com/Pennyw0rth/NetExec";
+    changelog = "https://github.com/Pennyw0rth/NetExec/releases/tag/v${version}";
+    license = with licenses; [ bsd2 ];
+    mainProgram = "nxc";
+    maintainers = with maintainers; [ vncsb ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index fc8aed93a803..0bc53c7d5d01 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -379,7 +379,7 @@ with pkgs;
 
   bloom = qt6Packages.callPackage ../development/tools/bloom { };
 
-  bloodhound-py = callPackage ../tools/security/bloodhound-py { };
+  bloodhound-py = with python3Packages; toPythonApplication bloodhound-py;
 
   bodyclose = callPackage ../development/tools/bodyclose { };
 
@@ -10265,6 +10265,8 @@ with pkgs;
 
   ncrack = callPackage ../tools/security/ncrack { };
 
+  netexec = python3Packages.callPackage ../tools/security/netexec { };
+
   nerdctl = callPackage ../applications/networking/cluster/nerdctl { };
 
   netdata = callPackage ../tools/system/netdata {
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 3bf50f9e186a..c198d5b041e3 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1556,6 +1556,8 @@ self: super: with self; {
 
   blocksat-cli = callPackage ../development/python-modules/blocksat-cli { };
 
+  bloodhound-py = callPackage ../development/python-modules/bloodhound-py { };
+
   blosc2 = callPackage ../development/python-modules/blosc2 { };
 
   bluemaestro-ble = callPackage ../development/python-modules/bluemaestro-ble { };