├── README.md
└── wsmb

/README.md:
--------------------------------------------------------------------------------
# SMBScan - Current Version 3.0.3

 __      __        .__       .___         _________   _____ __________ 
/  \    /  \_____  |  |    __| _/____    /   _____/  /     \\______   \
\   \/\/   /\__  \ |  |   / __ |/  _ \   \_____  \  /  \ /  \|    |  _/
 \        /  / __ \|  |__/ /_/ (  <_> )  /        \/    Y    \    |   \
  \__/\  /  (____  /____/\____ |\____/  /_______  /\____|__  /______  /
       \/        \/           \/                \/         \/       \/ 

Scans SMB for Vulnerabilities Assessment

Work in progress; several things are still to be implemented.
Uses nmap, but packages all the SMB NSE scans in one script for quick assessment, and also enumerates shares/SMB servers and grabs banners.
Also runs Enum4linux with the -e flag and nbtscan with the -n flag.

Please use responsibly and with permission only. I do not condone unauthorized uses and will not be responsible for anything unethical committed with these.

Uses Nmap, Enum4linux, NBTSCAN, etc. to scan SMB for vulnerabilities and to enumerate shares and Samba servers. The script checks whether these dependencies are installed and offers to install them if they are not.

It can scan a subrange since it just uses nmap for the heavy lifting.

Usage: wsmb [options]

options:

-h, --help Show Brief Help

-l List SMB NSE Scripts

-n Include NBTScan

-e Include Enum4Linux Scan

-map Enumerate with smbmap

-sh or -sh='Share' List and login to an SMB Share

-s Run a full subnet SMB Scan without Banner Grabbing

-qs Run a quick SMB Scan

-sb Run a full subnet SMB Scan with Banner Grabbing (slow scan)

-c Run scan and empty directory

-cx Empty dir without scan

-brute Brute force SMB

-i Do a full intensive scan of SMB on the machine

-v Verbose output

--update Updates WSMB

--version Displays current installed version and checks for updates

# Usage Examples

It can check for SMB on ports 139 and 445. To find every server with these ports open, run:

EX: wsmb 192.168.1.* -qs

This does a quick scan to get an idea of every machine with ports 139 and 445 open on your subnet. -s defaults to a full scan with hostname enumeration, and -sb includes nmap banner grabbing as well.

Once you've decided on a target, you can run every SMB NSE script available on your system against the target with:

EX: wsmb 192.168.1.1

If you'd like, you can include enum4linux with -e and an NBTScan with -n. An intensive scan can be run with -i, which does enum4linux, nbtscan, banner grabbing, and enumeration of all Samba shares (by checking whether anon login is allowed), as well as running all NSE scripts against the target.

EX: wsmb 192.168.1.1 -e -n (Runs NSE Scripts, enum4linux, and nbtscan)

EX: wsmb 192.168.1.1 -i (Does a full run SMB enumeration)

Everything you scan will be saved in a corresponding file with the scan name in a folder named (last 2 digits of IP)/hostname-SMBScan on your Desktop.

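An added example, not part of wsmb or this README: wsmb reports a target as vulnerable when the word VULNERABLE appears anywhere in a saved NSE result file, which also matches a line such as `State: NOT VULNERABLE`. The code below classifies saved result files by their `State:` line instead; the function names, the sample script names, the constructed result files and the `State:` report layout are assumptions.

```bash
#!/bin/bash
# Added example, not part of wsmb. All sample result files are constructed.

# naive_flag FILE: the check wsmb applies (the word anywhere in the file).
naive_flag() { grep -q "VULNERABLE" "$1"; }

# nse_state FILE: classify by the "State:" line, most severe state first.
nse_state() {
    if grep -q 'State: VULNERABLE' "$1"; then echo VULNERABLE
    elif grep -q 'State: LIKELY VULNERABLE' "$1"; then echo LIKELY_VULNERABLE
    elif grep -q 'State: NOT VULNERABLE' "$1"; then echo NOT_VULNERABLE
    else echo NO_FINDING
    fi
}

# triage_dir DIR: print "STATE script-name" per result file, worst first.
triage_dir() {
    for f in "$1"/*.txt; do
        [ -e "$f" ] || continue
        state=$(nse_state "$f")
        case $state in
            VULNERABLE)        rank=1 ;;
            LIKELY_VULNERABLE) rank=2 ;;
            NOT_VULNERABLE)    rank=3 ;;
            *)                 rank=4 ;;
        esac
        printf '%s %s %s\n' "$rank" "$state" "$(basename "$f" .txt)"
    done | sort -n | cut -d' ' -f2-
}

# make_samples DIR: write three constructed result files (hypothetical
# script names smb-vuln-sample-a/b/c) in the assumed report layout.
make_samples() {
    mkdir -p "$1"
    cat > "$1/smb-vuln-sample-a.txt" <<'EOF'
Host script results:
| smb-vuln-sample-a:
|   VULNERABLE:
|   Constructed finding title
|_    State: VULNERABLE
EOF
    cat > "$1/smb-vuln-sample-b.txt" <<'EOF'
Host script results:
| smb-vuln-sample-b:
|   NOT VULNERABLE:
|   Constructed finding title
|_    State: NOT VULNERABLE
EOF
    cat > "$1/smb-vuln-sample-c.txt" <<'EOF'
Nmap done: 1 IP address (1 host up) scanned
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
triage_dir "$demo_dir"   # one line per file, most severe first
rm -rf "$demo_dir"
```

Pointing `triage_dir` at a results folder's NSE subdirectory gives a remediation-ordered list, and files with no `State:` line show up as NO_FINDING so they can be reviewed by hand.
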
Several more features are to come, so a --update feature was added to automatically update your script from the GitHub version. It checks your current version against the GitHub version and, if they don't match, updates your file.

# Changelog
*3.0.3

*3.0.2

*3.0.1

*3.0

*2.0.2-2.0.3

*2.0.1

*2.0.0

*1.0.62

*1.0.61

*1.0.6

*1.0.51

*1.0.5

*1.0.4

--------------------------------------------------------------------------------
/wsmb:
--------------------------------------------------------------------------------
#!/bin/bash
#Nmap Full Vuln Scan

#Pick one of three banners at random
Rand=$(( ( RANDOM % 3 ) + 1 ))
if [ "$Rand" == "1" ]; then
cat << "EndOfMessage"
█ █░ ▄▄▄ ██▓ ▓█████▄ ▒█████
▓█░ █ ░█░▒████▄ ▓██▒ ▒██▀ ██▌▒██▒ ██▒
▒█░ █ ░█ ▒██ ▀█▄ ▒██░ ░██ █▌▒██░ ██▒
░█░ █ ░█ ░██▄▄▄▄██ ▒██░ ░▓█▄ ▌▒██ ██░
░░██▒██▓ ▓█ ▓██▒░██████▒░▒████▓ ░ ████▓▒░
░ ▓░▒ ▒ ▒▒ ▓▒█░░ ▒░▓ ░ ▒▒▓ ▒ ░ ▒░▒░▒░
▒ ░ ░ ▒ ▒▒ ░░ ░ ▒ ░ ░ ▒ ▒ ░ ▒ ▒░
░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ▒
░ ░ ░ ░ ░ ░ ░ ░
██████ ███▄ ▄███▓ ▄▄▄▄ ░
▒██ ▒ ▓██▒▀█▀ ██▒▓█████▄
░ ▓██▄ ▓██ ▓██░▒██▒ ▄██
▒ ██▒▒██ ▒██ ▒██░█▀
▒██████▒▒▒██▒ ░██▒░▓█ ▀█▓
▒ ▒▓▒ ▒ ░░ ▒░ ░ ░░▒▓███▀▒
░ ░▒ ░ ░░ ░ ░▒░▒ ░
░ ░ ░ ░ ░ ░ ░
░ ░ ░
░

[*] Running wsmb!
EndOfMessage
elif [ "$Rand" == "2" ]; then
cat << "EndOfMessage"
██╗ ██╗ █████╗ ██╗ ██████╗ ██████╗
██║ ██║██╔══██╗██║ ██╔══██╗██╔═══██╗
██║ █╗ ██║███████║██║ ██║ ██║██║ ██║
██║███╗██║██╔══██║██║ ██║ ██║██║ ██║
╚███╔███╔╝██║ ██║███████╗██████╔╝╚██████╔╝
╚══╝╚══╝ ╚═╝ ╚═╝╚══════╝╚═════╝ ╚═════╝
███████╗███╗ ███╗██████╗
██╔════╝████╗ ████║██╔══██╗
███████╗██╔████╔██║██████╔╝
╚════██║██║╚██╔╝██║██╔══██╗
███████║██║ ╚═╝ ██║██████╔╝
╚══════╝╚═╝ ╚═╝╚═════╝

[*] Running wsmb!
EndOfMessage
elif [ "$Rand" == "3" ]; then
cat << "EndOfMessage"
▄▄▌ ▐ ▄▌ ▄▄▄· ▄▄▌ ·▄▄▄▄
██· █▌▐█▐█ ▀█ ██• ██▪ ██▪
██▪▐█▐▐▌▄█▀▀█ ██▪ ▐█· ▐█▌▄█▀▄
▐█▌██▐█▌▐█ ▪▐▌▐█▌▐▌██. ██▐█▌.▐▌
▀▀▀▀ ▀▪ ▀ ▀ .▀▀▀ ▀▀▀▀▀• ▀█▄▀▪
.▄▄ · • ▌ ▄ ·. ▄▄▄▄·
▐█ ▀. ·██ ▐███▪▐█ ▀█▪
▄▀▀▀█▄▐█ ▌▐▌▐█·▐█▀▀█▄
▐█▄▪▐███ ██▌▐█▌██▄▪▐█
▀▀▀▀ ▀▀ █▪▀▀▀·▀▀▀▀

[*] Running wsmb!
EndOfMessage
fi



#First part checks to make sure we have a host or any variable given. If not, help options are displayed
if [ -z "$1" ]; then
    echo "[*] SMB Scanning Tool"
    echo "[*] Checks SMB for openings, no options scans against NSE scripts for vulns."
    echo "[*] Usage: wsmb [options]"
    echo "options:"
    echo "-h, --help Show Brief Help"
    echo "-l List SMB NSE Scripts"
    echo "-n Include NBTScan"
    echo "-e Include Enum4Linux Scan"
    echo "-map Enumerate with smbmap"
    echo "-sh or -sh='Share' List and login to an SMB Share"
    echo "-s Run a full subnet SMB Scan without Banner Grabbing"
    echo "-qs Run a quick SMB Scan"
    echo "-sb Run a full subnet SMB Scan with Banner Grabbing (slow scan)"
    echo "-c Run scan and empty directory"
    echo "-cx Empty dir without scan"
    echo "-brute Brute force SMB"
    echo "-i Do a full intensive scan of SMB on the machine"
    echo "-v Verbose output"
    echo "-vv Increase verbosity"
    echo "--update Updates WSMB"
    echo "--version Displays current wsmb Version and checks for updates"
    exit 0
fi

#setting global variables
ABSOLUTE_PATH=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/$(basename "${BASH_SOURCE[0]}")
VERSION=3.0.3

###########################
####Setting up functions[*]
# Use `$echoLog` everywhere you print verbose logging messages to console
# By default, it is disabled and will be enabled with the `-v` or `--verbose` flags
declare echoLog='silentEcho'
function silentEcho() {
    :
}

#Locates smb nse scripts on your pc
#The cut on field 6 assumes the scripts live under a path such as /usr/share/nmap/scripts/
loc () {
    #$echoLog "[+verbose] finding nmap/scripts/smb "
    locate nmap/scripts/smb | cut -d"/" -f6 | grep "vuln" | cut -d"." -f1 | sort -r
}

#here we do a check to see if the directory this script makes already exists.
direxist () {
    $echoLog "[+verbose] Checking to see if directory exists for creation."
    if [ ! -d ~/Desktop/"$host"-SMBScan/NSE ]; then
        $echoLog "[+verbose] mkdir ~/Desktop/$host-SMBScan"
        mkdir -p ~/Desktop/"$host"-SMBScan
        $echoLog "[+verbose] ~/Desktop/$host-SMBScan/NSE"
        mkdir -p ~/Desktop/"$host"-SMBScan/NSE
    fi
}

#Empties the results directory for the current target.
#Runs in the foreground so a scan started afterwards cannot have its new results deleted.
cleandirexist () {
    if [ -d ~/Desktop/"$host"-SMBScan ]; then
        echo "[*] Cleaning Directory"
        rm -rf ~/Desktop/"${host:?}"-SMBScan/*
    else
        echo "[*] Directory Does Not Exist!"
    fi
}

#Optionally saves a screenshot of the current window into the results directory
snapshot () {
    read -r -p " : y/N: " CONDITION;
    if [ "$CONDITION" == "y" ] || [ "$CONDITION" == "Y" ]; then
        gnome-screenshot --window -f ~/Desktop/"$host"-SMBScan/"$1".jpg
    fi
}

#$1 is the expected binary path, $2 is the apt package name
dependencychecks () {
    $echoLog "[+verbose] Checking if $2 is installed."
    if [ ! -f "$1" ]; then
        read -r -p "< [$2] Not installed, required for full functionality. Install now?> Y/n: " CONDITION;
        if [ "$CONDITION" == "Y" ] || [ "$CONDITION" == "y" ] || [ -z "$CONDITION" ]; then
            sudo apt-get install "$2" -y
        else
            echo "[*] Must install $2 to continue."
            exit 0
        fi
    fi
}

#Prints error $3 and exits when the first argument is the flag itself (no target given)
checkarg () {
    if [ "$1" == "$2" ]; then
        echo "[*] $3"
        exit 0
    fi
}

#Prints error $3 and exits unless the flag is alone (optionally followed by -v)
#The test groups as: ( no extra arg OR extra arg is -v ) AND flag is in the expected position
checkonlyarg () {
    if [ -z "$4" ] || [ "$4" == "-v" ] && [ "$1" == "$2" ]; then
        :
    else
        echo "[*] $3"
        exit 0
    fi
}

#Reads the VERSION= line from the GitHub page for wsmb and compares it with the installed version
checkupdate () {
    $echoLog "[+verbose] Checking github for version updates."
    git=$(curl --silent https://github.com/waldo-irc/SMBScan/blob/master/wsmb | grep 'VERSION=' | cut -d">" -f2 | cut -d"<" -f1 | cut -d"=" -f 2)
    if [ "$git" == "$VERSION" ]; then
        echo "[*] Current version is latest."
    else
        echo "[****] Update Available"
        echo "[****] Version update from $VERSION to $git"
        echo "[****] Read Changelog for more info. https://github.com/waldo-irc/SMBScan/blob/master/README.md"
        update="1"
    fi
}
####End Functions[*]
####################

#store our final octet for final naming into $host
$echoLog "[+verbose] Grepping Host for foldername creation."
if [[ $1 == *[/]* ]]; then
    #CIDR target: name the folder after the prefix length
    hostl=$(echo "$1" | cut -d"." -f4 | cut -d"/" -f2)
    host="sub$hostl"
elif [[ $1 == *'*'* ]]; then
    #Wildcard target: checked before the IP test so it is not shadowed by it
    host="SubScan"
elif [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    #Plain IPv4 address: use the last octet
    host=$(echo "$1" | cut -d"." -f4)
else
    #Hostname: use it as given
    host=$1
fi

#These arguments need to run very first as they must run alone.
for arg; do
    case $arg in
        -l) checkonlyarg "$1" "-l" "Error, -l must be the only argument" "$2" ;;
        -i) checkonlyarg "$2" "-i" "Error, -i cannot be run with anything else." "$3" ;;
        --update) checkonlyarg "$1" "--update" "Error, --update cannot be run with anything else." "$2" ;;
    esac
done

#These arguments need to run next.
for arg; do
    case $arg in
        -v) checkarg "$1" -v "Error, must specify a target"
            echoLog='echo' ;;
        -vv) checkarg "$1" -vv "Error, must specify a target"
            set -x ;;
        -c) checkarg "$1" -c "Error, must specifiy which directory to clear with target name Ex: wsmb 192.168.1.25 -c"
            cleandirexist ;;
        -cx) checkarg "$1" -cx "Error, must specifiy which directory to clear with target name Ex: wsmb 192.168.1.25 -cx"
            if [ "$3" ]; then
                echo "[!!!] No other arguments can be used with '-cx'."
                exit 0
            else
                cleandirexist
            fi
            exit 0 ;;
    esac
done

#update Locate DB
$echoLog "[+verbose] Running updatedb."
updatedb

#checking for dependencies. There are lines like these at the beginning of any argument that requires such a dependency.
dependencychecks /usr/bin/nmap nmap

#Here we set up our options and arguments
for arg in "$@"; do
    case $arg in
        -v) echo "[/*\]"
            $echoLog "[+verbose] Running in Verbose Mode" ;;
        -vv) : ;; #Already handled above (set -x); listed here so it does not fall through to the help menu
        -i) echo "[*] Running Intensive Scan Against Target"
            dependencychecks /usr/bin/enum4linux enum4linux
            dependencychecks /usr/bin/nbtscan nbtscan
            dependencychecks /usr/bin/smbclient smbclient
            direxist
            checkarg "$1" -i "Error, must specify a target"
            $echoLog "[+verbose] Running NBTScan"
            nbtscan "$1" > ~/Desktop/"$host"-SMBScan/nbtscan.txt &
            $echoLog "[+verbose] Enumerating Shares"
            smbclient -L "$1" -N > ~/Desktop/"$host"-SMBScan/shares.txt
            grep -i "disk" ~/Desktop/"$host"-SMBScan/shares.txt
            wait
            $echoLog "[+verbose] Running Enum4Linux (this scan takes the longest)"
            enum4linux "$1" > ~/Desktop/"$host"-SMBScan/enum4linux.txt &
            wait
            grep -i os= ~/Desktop/"$host"-SMBScan/enum4linux.txt
            wait ;;
        -l) echo "[*] Following SMB NSE scripts are available on your computer: "
            $echoLog "[+verbose] Running Locate on nmap/scripts"
            loc
            echo "[*] End"
            exit 0 ;;
        -n) echo "[*] Running NBTScan Against Target"
            dependencychecks /usr/bin/nbtscan nbtscan
            direxist
            checkarg "$1" -n "Error, must specify a target"
            $echoLog "[+verbose] Running NBTScans"
            nbtscan "$1" > ~/Desktop/"$host"-SMBScan/nbtscan.txt &
            wait ;;
        -map) echo "[*] Mapping Shares with SMBMap"
            dependencychecks /usr/bin/smbmap smbmap
            checkarg "$1" -map "Error, must specify a target Ex: wsmb 192.168.1.25 -map"
            smbmap -H "$1"
            exit 0 ;;
        -e) echo "[*] Running Enum4Linux Against Target - This could take a while."
            dependencychecks /usr/bin/enum4linux enum4linux
            direxist
            checkarg "$1" -e "Error, must specify a target"
            enum4linux "$1" > ~/Desktop/"$host"-SMBScan/enum4linux.txt &
            wait
            grep -i os= ~/Desktop/"$host"-SMBScan/enum4linux.txt ;;
        -c) echo "[/*\]" ;;
        -sb) echo "[*] Checking for All SMB Servers in subnet with banner grabbing (slower scan):"
            checkarg "$1" -sb "Error! Must be used with a target IP, Scanner will search for ALL IPS in subnet range of target Ex: wsmb 192.168.25.1 -sb"
            echo "[*]Open SMB Servers" > ~/Desktop/SMBScan.txt
            #Walk the /24 of the target one address at a time
            for a in $(seq 0 254); do
                b=$(echo "$1" | cut -d"." -f1,2,3)
                c=$(nmap -p139,445 $b.$a --open | grep "for" | cut -d" " -f5,6)
                $echoLog "[*] Scanning $b.$a"
                if [ -z "$c" ]; then
                    :
                else
                    #Service banner for port 139, then reverse lookup
                    d=$(nmap -p139,445 -sV $b.$a --open | grep "139/tcp" | cut -d' ' -f5,6 )
                    e=$(host $c | cut -d" " -f5)
                    echo "$c $e [+$d]" >> ~/Desktop/SMBScan.txt
                    echo "$c $e [+$d]"
                fi
            done
            echo "[*]End" >> ~/Desktop/SMBScan.txt
            exit 0 ;;
        -s) echo "[*] Checking for All SMB Servers in subnet:"
            checkarg "$1" -s "Error! Must be used with a target IP, Scanner will search for ALL IPS in subnet range of target Ex: wsmb 192.168.25.1 -s"
            echo "[*]Open SMB Servers" > ~/Desktop/SMBScan.txt
            for a in $(seq 0 254); do
                b=$(echo "$1" | cut -d"." -f1,2,3)
                c=$(nmap -p139,445 $b.$a --open | grep "for" | cut -d" " -f5,6)
                $echoLog "[*] Scanning $b.$a"
                if [ -z "$c" ]; then
                    :
                else
                    d=$(host $c | cut -d" " -f5)
                    echo "$c $d" >> ~/Desktop/SMBScan.txt
                    echo "$c $d"
                fi
            done
            echo "[*]End" >> ~/Desktop/SMBScan.txt
            exit 0 ;;
        -qs) echo "[*] Checking for SMB Servers:"
            checkarg "$1" -qs "Error! Must be used with a target IP, Scanner will search for ALL IPS in subnet range of target Ex: wsmb 192.168.25.* -qs"
            a=$(echo "$1" | cut -d"." -f4 | cut -d"/" -f1)
            if [[ "$a" != "*" ]] && [[ "$a" != "0" ]]; then
                #Single host
                smb=$(nmap -p139,445 "$1" --open | grep "for" | cut -d" " -f5,6)
                echo "$smb [+OPEN]"
            else
                #Wildcard or network address
                smb=$(nmap -p139,445 "$1" --open | grep "for" | cut -d" " -f5,6)
                echo "$smb"
                echo "[*]Scan Finished"
            fi
            exit 0 ;;
        -sh=*|-sh) echo "[*] Listing SMB Shares"
            dependencychecks /usr/bin/smbclient smbclient
            checkarg "$1" -sh "Error! Must be used with a target host or IP! Usage: wsmb -sh"
            $echoLog "[+verbose] Running SMBClient to check shares."
            SHARE="${arg#*=}"
            if [ -z "$SHARE" ] || [ "$SHARE" == "-sh" ]; then
                smbclient -L "$1" -N
                read -r -p "[*] Would you like to access smb share? (Y/n): " answer;
            else
                answer=Y
            fi
            if [ "$answer" == y ] || [ "$answer" == Y ] || [ -z "$answer" ]; then
                if [ -z "$SHARE" ] || [ "$SHARE" == "-sh" ]; then
                    read -r -p "[*] Choose an SMB share to access: " smb;
                else
                    smb="$SHARE"
                fi
                read -r -p "[*] Choose a user to login with (leave blank for anon): " user;
                #-s keeps the password from being echoed to the terminal
                read -r -s -p "[*] Enter user password (leave blank for anon): " pass;
                echo
                smbclient //"$1"/"$smb" -U "$user"%"$pass"
            else
                exit
            fi
            shift
            exit 0 ;;
        -brute) echo "[*] Running SMB Brute Force Attack"
            dependencychecks /usr/bin/acccheck acccheck
            direxist
            checkarg "$1" -brute "Error! Must specify a target EX: wsmb 192.168.5.5 -brute"
            $echoLog "[+verbose] Checking to see if directory exists for creation."
            read -r -p "[->] Enter a user to brute force or a .txt file: " BRUTEUSER;
            read -r -p "[->] Enter a password to brute force with or a .txt file: " BRUTEPASS;
            CHECK1=$(echo "$BRUTEUSER" | cut -d'.' -f2)
            CHECK2=$(echo "$BRUTEPASS" | cut -d'.' -f2)
            $echoLog "[+verbose] Checking to see if any files are .txt or not for brute forcing"
            #The user and password options are chosen independently of each other
            if [ "$CHECK1" == "txt" ]; then
                u="U"
            else
                u="u"
            fi
            if [ "$CHECK2" == "txt" ]; then
                p="P"
            else
                p="p"
            fi
            $echoLog "[+verbose] Running acccheck using creds user:$BRUTEUSER pass:$BRUTEPASS"
            acccheck -t "$1" -$p "$BRUTEPASS" -$u "$BRUTEUSER"
            snapshot "smbbrute"
            exit 0 ;;
        --update) echo "[*] wsmb Version $VERSION"
            echo "[*] Updating WSMB"
            checkupdate
            echo "$git Git Version"
            echo "$VERSION Installed Version"
            #Uncomment below for debugging
            #echo "$ABSOLUTE_PATH"
            if [ "$update" != "1" ]; then
                exit 0;
            else
                echo "[*] Needs an update!"
                read -r -p "[*] Update script? Y/n: " CONDITION;
                if [ "$CONDITION" == "Y" ] || [ "$CONDITION" == "y" ] || [ -z "$CONDITION" ]; then
                    #Note: the cloned copy replaces this script without any checksum or signature verification
                    git clone https://github.com/waldo-irc/SMBScan.git
                    echo "[*] Installing to $ABSOLUTE_PATH"
                    mv SMBScan/wsmb "$ABSOLUTE_PATH"
                    echo "[*] Cleaning up"
                    wait
                    rm -R SMBScan
                    echo "[*] Installed Version updated to $git"
                else
                    echo "[*] Exiting, not updating from $VERSION"
                fi
            fi
            exit 0 ;;
        --version) checkupdate
            echo "[*] Version $VERSION"
            echo "[*] Exiting"
            exit 0 ;;
        -*) $echoLog "[+verbose] Running Help Menu"
            echo "[*] SMB Scanning Tool"
            echo "[*] Checks SMB for openings, no options scans against NSE scripts for vulns."
            echo "[*] Usage: wsmb -options"
            echo "options:"
            echo "-h, --help show brief help"
            echo "-l list SMB NSE Scripts"
            echo "-n Include NBTScan"
            echo "-e Include Enum4Linux Scan"
            echo "-map Enumerate with smbmap"
            echo "-sh or -sh='Share' List and login to an SMB Share"
            echo "-s Run a full subnet SMB Scan without Banner Grabbing"
            echo "-qs Run a quick SMB Scan"
            echo "-sb Run a full subnet SMB Scan with Banner Grabbing (slow scan)"
            echo "-c Run scan and empty directory"
            echo "-cx Empty dir without scan"
            echo "-brute Brute force SMB"
            echo "-i Do a full intensive scan of SMB on the machine"
            echo "-v Verbose output"
            echo "-vv Increase verbosity"
            echo "--update Updates WSMB"
            echo "--version Displays current wsmb Version and checks for updates"
            exit 0 ;;
        *) dir=$arg ;; #This line is required to pass the target when given. Gives anything given as an argument without a slash and passes it through to be used for the program.
    esac
done

direxist

$echoLog "[+verbose] Running NMap NSE Scripts against target [<-]"
#Finally, we take the IP here and run it against every SMB NSE Vuln script found on your host machine and output it into a file in our folder and grep to see if we found a vuln
for a in $(loc); do
    nmap -p139,445 --script "$a" "$1" --open > ~/Desktop/"$host"-SMBScan/NSE/"$a".txt &
    $echoLog "[*] Running $a"
    wait
    if grep -q "VULNERABLE" ~/Desktop/"$host"-SMBScan/NSE/"$a".txt; then
        echo "[!!] $1 Seems Vulnerable to $a!"
    fi
done

echo "[*] Executed Successfully! Check folder in ~/Desktop/$host-SMBScan for results"
--------------------------------------------------------------------------------