{"id":18099489,"url":"https://github.com/jeffhacks/smbscan","last_synced_at":"2025-04-13T15:55:32.605Z","repository":{"id":37019898,"uuid":"421252646","full_name":"jeffhacks/smbscan","owner":"jeffhacks","description":"SMBScan is a tool to enumerate file shares on an internal network.","archived":false,"fork":false,"pushed_at":"2025-03-24T01:55:30.000Z","size":156,"stargazers_count":44,"open_issues_count":18,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T02:36:20.076Z","etag":null,"topics":["pentest","redteam","security","security-audit","security-tools","smb"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeffhacks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-26T02:28:34.000Z","updated_at":"2025-03-24T01:55:33.000Z","dependencies_parsed_at":"2023-02-15T14:16:06.767Z","dependency_job_id":"7006e70a-8c50-4286-a921-56b49a801df5","html_url":"https://github.com/jeffhacks/smbscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeffhacks%2Fsmbscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeffhacks%2Fsmbscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeffhacks%2Fsmbscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeffhacks%2Fsmbscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeffhacks","download_url":"https://codeload.github.com/jeffhacks/smbscan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248741144,"owners_count":21154250,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentest","redteam","security","security-audit","security-tools","smb"],"created_at":"2024-10-31T21:09:27.634Z","updated_at":"2025-04-13T15:55:32.577Z","avatar_url":"https://github.com/jeffhacks.png","language":"Python","funding_links":[],"categories":["\u003ca name=\"networking\"\u003e\u003c/a\u003eNetworking"],"sub_categories":[],"readme":"# SMBScan\r\n\r\n### Overview\r\nSMBScan is a tool developed to enumerate file shares on an internal network.\r\n\r\nIt's primary objectives are:\r\n\r\n* Scan a single target or hundreds of targets\r\n* Enumerate all accessible shares and files\r\n* Identify files that potentially contain credentials or secrets\r\n* Try to avoid detection by blue teams\r\n\r\n### Table of Contents\r\n1. [Getting Started](#getting-started)\r\n2. [Running Scans](#running-scans)\r\n3. [Scan Output](#scan-output)\r\n4. [Analysing Output](#analysing-output)\r\n5. [Authors](#authors)\r\n6. [Acknowledgements](#acknowledgments)\r\n\r\n---\r\n## Getting Started\r\nClone or download from the git repo.\r\n\r\n### Installation\r\n```bash\r\npip3 install -r requirements.txt\r\n```\r\n\r\n---\r\n## Running scans\r\nScan a single target as guest\r\n```bash\r\npython3 src/smbscan.py 192.168.0.0/24\r\n```\r\n\r\n```log\r\n[2022-05-21 22:14:17 INFO] src/smbscan.py 192.168.0.26\r\n[2022-05-22 20:45:36 INFO] Scanning 192.168.0.26\r\n[2022-05-21 22:14:17 INFO] 192.168.0.26 (TESTSERVER) Connected as tester, Target OS: eWeblrdS\r\n[2022-05-21 22:14:17 INFO] 192.168.0.26 (TESTSERVER) Scanning \\\\TESTSERVER\\TESTER\r\n[2022-05-21 22:14:17 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.ssh\\id_rsa.pub (Sat May 21 21:12:21 2022, 563)\r\n[2022-05-21 22:14:17 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.ssh\\id_rsa (Sat May 21 21:12:21 2022, 2590)\r\n[2022-05-21 22:14:18 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.aws\\credentials (Sat May 21 21:12:23 2022, 119)\r\n[2022-05-21 22:14:26 INFO] Scan completed\r\n```\r\n\r\nScan a range of targets as a specific domain user with a random delay of 1-3 seconds between targets and operations on targets:\r\n```bash\r\npython3 src/smbscan.py 192.168.0.0/24 -u tester -p Monkey123 ---download-files --max-depth 3 --exclude-hosts 192.168.0.18\r\n```\r\n\r\n```log\r\n[2022-05-21 22:14:17 INFO] src/smbscan.py 192.168.0.0/24 -u tester -p Monkey123 ---download-files --max-depth 3 --exclude-hosts 192.168.0.18\r\n[2022-05-21 22:14:17 INFO] Scanning 192.168.0.0/24\r\n[2022-05-21 22:14:17 WARNING] Skipping 192.168.0.18 (on exclusion list)\r\n[2022-05-21 22:14:17 INFO] 192.168.0.26 (TESTSERVER) Connected as tester, Target OS: eWeblrdS\r\n[2022-05-21 22:14:17 INFO] 192.168.0.26 (TESTSERVER) Scanning \\\\TESTSERVER\\TESTER\r\n[2022-05-21 22:14:17 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.ssh\\id_rsa.pub (Sat May 21 21:12:21 2022, 563)\r\n[2022-05-21 22:14:17 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.ssh\\id_rsa (Sat May 21 21:12:21 2022, 2590)\r\n[2022-05-21 22:14:18 CRITICAL] Suspicous file: \\\\TESTSERVER\\TESTER\\.aws\\credentials (Sat May 21 21:12:23 2022, 119)\r\n[2022-05-21 22:14:18 INFO] Scanning 192.168.0.35\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Connected as tester, Target OS: Windows 10.0 Build 19041\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\ADMIN$\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Error accessing ADMIN$\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\Backups\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\C$\r\n[2022-05-21 22:14:19 INFO] 192.168.0.35 (desktop-9kolkm4) Error accessing C$\r\n[2022-05-21 22:14:20 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\E$\r\n[2022-05-21 22:14:20 INFO] 192.168.0.35 (desktop-9kolkm4) Error accessing E$\r\n[2022-05-21 22:14:20 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\inetpub\r\n[2022-05-21 22:14:24 CRITICAL] Suspicous file: \\\\desktop-9kolkm4\\inetpub\\wwwroot\\web.config (Sat May 21 20:48:54 2022, 31506)\r\n[2022-05-21 22:14:24 INFO] 192.168.0.35 (desktop-9kolkm4) Scanning \\\\desktop-9kolkm4\\Users\r\n[2022-05-21 22:14:26 CRITICAL] Suspicous file: \\\\desktop-9kolkm4\\Users\\tester\\Documents\\Passwords.kdbx (Fri May 20 21:57:30 2022, 1870)\r\n[2022-05-21 22:14:26 INFO] Scan completed\r\n```\r\n\r\n---\r\n## Scan Output\r\nSMBScan produces a number of files.\r\n\r\n* Primary logfile\r\n  * A primary logfile for each scan - records everything that's output to the terminal\r\n* CSV index files\r\n  * A listing of all accessible shares and files. One CSV file per target\r\n* Downloaded files\r\n  * A collection of downloaded suspicious files (if download is enabled). Structured by TARGET\\SHARE\\DIRECTORY\\FILE\r\n\r\n```\r\nlogs\r\n│   smbscan-20220518-075257.log\r\n│   smbscan-desktop-9kolm4-20220518-075257.csv\r\n│   smbscan-testserver-20220518-075257.csv\r\n│\r\n└───\u003cTARGET\u003e\r\n│   └───\u003cSHARE\u003e\r\n│       └───\u003cDIRECTORY\u003e\r\n│           │   suspicious-file\r\n|\r\n└───DESKTOP-9KOLKM4\r\n│   └───inetpub\r\n│   |   └───wwwroot\r\n│   |       │   web.config\r\n│   └───Users\r\n│       └───tester\r\n│           └───Documents\r\n│               │   Passwords.kdbx\r\n│   \r\n└───TESTSERVER\r\n│   └───TESTER\r\n│       └───.aws\r\n│           |   credentials\r\n│       └───.ssh\r\n│           |   id_rsa.pub\r\n```\r\n\r\n---\r\n## Analysing Output\r\n\r\n### Search Downloaded Files\r\nUse grep, or speed up the process with graudit (https://github.com/wireghoul/graudit)\r\n```bash\r\ngraudit -d secrets -x *.csv logs/\r\n```\r\n\r\n### View CSV Files\r\n```bash\r\ncat logs/smbscan-desktop-9kolm4-20220518-075257.csv | sed -e 's/,,/, ,/g' | column -s, -t | less -#5 -N -S\r\n```\r\n\r\n```\r\n1 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  Backups  \\MSSQL\r\n2 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  Backups  \\MSSQL\\BookingSystem.bak\r\n3 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  inetpub  \\wwwroot\r\n4 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  inetpub  \\wwwroot\\index.cs\r\n5 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  inetpub  \\wwwroot\\Robots.txt\r\n6 tester  DESKTOP-9KOLKM4  desktop-9kolkm4  192.168.0.35  inetpub  \\wwwroot\\web.config\r\n```\r\n\r\n### Search CSV Files\r\n```bash\r\ngrep -i -e \\.bak *.csv\r\n\r\ntester,DESKTOP-9KOLKM4,desktop-9kolkm4,192.168.0.35,Backups,\\MSSQL\\BookingSystem.bak.....\r\n```\r\n\r\n---\r\n## Authors\r\n* Jeff Thomas - https://github.com/jeffhacks\r\n* Yianna Paris - https://github.com/nekosoft\r\n\r\n---\r\n## Acknowledgments\r\n* Wireghoul - https://github.com/wireghoul\r\n* Justin Steven - https://github.com/justinsteven\r\n* Impacket - https://github.com/SecureAuthCorp/impacket\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeffhacks%2Fsmbscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeffhacks%2Fsmbscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeffhacks%2Fsmbscan/lists"}