{"id":96,"date":"2015-05-21T21:08:42","date_gmt":"2015-05-21T19:08:42","guid":{"rendered":"http:\/\/bastardo.de\/?p=96"},"modified":"2015-05-21T21:08:42","modified_gmt":"2015-05-21T19:08:42","slug":"smbscan-version-1-2","status":"publish","type":"post","link":"https:\/\/bastardo.de\/index.php\/2015\/05\/21\/smbscan-version-1-2\/","title":{"rendered":"SMBScan version 1.2"},"content":{"rendered":"<p>Simple SMB scanner written in Bash for Linux, for newer systems with zmap support<br \/>\n<a href=\"https:\/\/bastardo.de\/wp-content\/uploads\/2015\/05\/smbscan-1.2.tar.gz\">smbscan-1.2.tar.gz<\/a><br \/>\n(Download all) for new systems (2015) with zmap and so on<br \/>\n&#8211; added zmap support<br \/>\n&#8211; replaced smbmount with mount<br \/>\n&#8211; removed dialog and whiptail<\/p>\n<pre class=\"brush:bash\">#!\/bin\/bash\n# This script scans for SMB servers on a given network\n# and mounts anonymous shared directories\n# example: .\/smbscan.sh -n iprange or .\/smbscan.sh -z number-of-hosts\n# http:\/\/www.bastardo.de\/ \n\n# clean old temp files\nrm -f *.out\n\nif [ `id -u` -ne 0 ]; then\n  echo \"You must be root to use this script.\"\n  exit 1\nfi\n\nFILESYSTEM=cifs\nMNT=\/bin\/mount\nSMBC=\/usr\/bin\/smbclient\nNMBL=\/usr\/bin\/nmblookup\nNMAP=\/usr\/bin\/nmap\nGREP=\/bin\/grep\nSED=\/bin\/sed\nZMAP=\/usr\/sbin\/zmap\nCHARSET=\"iso8859-1\"\nTIMEOUT=2\nusage() { echo \"Usage: $0 [-z number of hosts (zmap)] [-n ip\/range (nmap)]\" 1&gt;&amp;2; exit 1; }\n\nwhile getopts \"hn:z:\" opt; do\n  case \"$opt\" in\n    n)\n      echo \"using nmap with ${OPTARG}\" &gt;&amp;2\n      NMAPSCAN=1\n      test -x $NMAP || { echo -e 'nmap not found !';exit 1; }\n      IP=${OPTARG}\n      ;;\n    \n    z)\n      echo \"using zmap with ${OPTARG} hosts\" &gt;&amp;2\n      ZMAPSCAN=1\n      test -x $ZMAP || { echo -e 'zmap not found !';exit 1; }\n      z=${OPTARG}\n      ;;\n    h)\n      # -h: print usage and exit\n      usage\n      ;;\n    *)\n      echo \"Option -$OPTARG requires an argument. 
\" &gt;&amp;2\n      usage\n      exit 1\n      ;;\n  esac\n\ndone\n\nif [ -z \"$ZMAPSCAN\" ] &amp;&amp; [ -z \"$NMAPSCAN\" ]; then\n   usage\nfi\n\nshift $((OPTIND-1))\n\n\ntest -x $MNT || { echo -e 'mount not found !';exit 1; }\ntest -x $SMBC || { echo -e 'smbclient not found !';exit 1; }\ntest -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }\ntest -x $GREP || { echo -e 'grep not found !';exit 1; }\ntest -x $SED || { echo -e 'sed not found !';exit 1; }\n\n\n# SUM = size in bytes of .\/out (0 means no host was found)\nfunction check_it(){\nSUM=0\nX=`cat .\/out | wc -c`\nSUM=`expr $SUM + $X`\n}\n        echo \"Written by cd ;)\"\n        echo \"Scan started against ${IP:-$z hosts (zmap)} on port 139\"\n        echo \"This can take a while\"\n\n\nif [ \"$NMAPSCAN\" = 1 ] \n    then\n          echo \"search via nmap at ip\/range ${IP} for hosts with port 139 open\"\n      $NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG .\/$IP.out | $GREP Host\n      cat .\/$IP.out | $GREP \"139\/open\" | cut '-d ' -f 2 &gt; .\/out\nelse\n          echo \"search via zmap for ${z} hosts with port 139 open\"\n      $ZMAP -N ${z} -p 139 -B 1M -q -o .\/out \n          sed -i '1d' .\/out #delete first line \"saddr\" for csv\nfi\n\n    \nrm -f .\/$IP.out\ncheck_it\n\nif [ $SUM = 0 ]\n    then \n    echo \"Sorry\n    No SMB Server found !\n        \n      Thanks for use ... 
\"\n   rm -f .\/out\n   exit 1\nfi\n\n    echo \"Please wait...\n      Searching 4 Shared Directories\"\nwhile read host ;\n    do\n    # Get Computer name\n    echo \"Try $host...\"\n        echo \"Searching Name via nmblookup (B)\"\n    name=`$NMBL -A $host | $GREP \"&lt;00&gt; -         B &lt;ACTIVE&gt;\" | awk '{print $1}'`\n\n    # Get Workgroup name\n    workgroup=`$NMBL -A $host | $GREP \"&lt;00&gt; - &lt;GROUP&gt;\" | awk '{print $1}'`\n\n    # if name not set so use this one\n    workgroup=${workgroup:=WORKGROUP}\n\n    name=${name:=IG_IT_IG_IT}\n\nif [ $name = \"IG_IT_IG_IT\" ]\n    then\n    echo \"Searching name via nmblookup (M)\"\n    name=`$NMBL -A $host | $GREP \"&lt;00&gt; -         M &lt;ACTIVE&gt;\" | awk '{print $1}'`\n    fi \n    name=${name:=NONAME}\n\nif [ $name = \"NONAME\" ]\n    then\n    echo \"Searching Name via nmblookup (H)\"\n    name=`$NMBL -A $host | $GREP \"&lt;00&gt; -         H &lt;ACTIVE&gt;\" | awk '{print $1}'`\n    fi\n    name=${name:=NO_NAME}\n\nif [ $name = \"NO_NAME\" ]\n    then\n    echo \"Searching Name via Smbclient ... 
using Servername\"\n    name=`$SMBC -N -L $host -g | grep Server | awk '{print $1}' | cut -d '|' -f 2`\n    fi\n    name=${name:=NAME_NOT_FOUND}\n\n\n    \n    # search for shared folders\n    echo \"looking for shared directories on $host\"\n    # kill old sleep process\n    kill -9 `pidof sleep` &gt;\/dev\/null 2&gt;&amp;1\n    $SMBC -W \"$workgroup\" -n \"fuckup\" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  &gt; .\/$host.shares \n        # set timeout to kill connections that take too long (TIMEOUT seconds)\n    sleep $TIMEOUT || kill -9 `pidof $SMBC` &gt;\/dev\/null 2&gt;&amp;1\n        \n        exist=0\n        while read LIST ;\n                do\n            exist=1\n            #make directory for the shares\n            mkdir -p .\/\"$name-$host\/$LIST\"\n            #add a logfile\n            #touch .\/\"$name-$host\/ip-is-$host\"\n                    $MNT -t cifs -o guest,iocharset=utf8,_netdev \/\/$host\/$LIST .\/$name-$host\/$LIST\n                    $MNT -t cifs -o user=nobody,iocharset=utf8,_netdev \/\/$host\/$LIST .\/$name-$host\/$LIST\n                    $MNT -t nfs $host:\/$LIST .\/$name-$host\/$LIST\n\n\n        echo \"trying to mount \/\/$host\/$LIST into .\/$name-$host\/$LIST\"\n        if [ $exist = 1 ]\n        then\n            #write some useful or not very useful information into a log \n            echo \" \n            $name - $host\n            Last found: `date`\n            Mapped    : `df -h | grep $host`\" &gt;&gt; .\/\"$name-$host\/ip-is-$host\" \n        fi\n        done &lt; .\/$host.shares\n\nrm -f .\/$host.shares\ndone &lt; .\/out\n\nmount | $GREP $FILESYSTEM &gt; .\/mounts\n    echo \"\nSMBScan v 1.2 -&gt; listing mounted smb file systems\n\n`cat .\/mounts | more`\n\"\nrm -f .\/mounts\nrm -f .\/out<\/pre>\n<p>umountall.sh<\/p>\n<pre class=\"brush:bash\">#!\/bin\/sh\n#get forced\necho \"unmounting smb file systems (force)\"\numount -f *\/*\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Simple Smb Scanner written in Bash for linux 
for newer systems with zmap support smbscan-1.2.tar.gz (Download all) for new systems (2015) with zmap and so on &#8211; added zmap support &#8211; replaced smbmount with mount &#8211; removed dialog and whiptail #!\/bin\/bash # This script scans for SMB servers on a given network # and mounts anonymous shared [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-96","post","type-post","status-publish","format-standard","hentry","category-allgemein"],"_links":{"self":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts\/96","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/comments?post=96"}],"version-history":[{"count":0,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts\/96\/revisions"}],"wp:attachment":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/media?parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/categories?post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/tags?post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}