bash:examples:smbscan
Differences
This shows you the differences between two versions of the page.
|
bash:examples:smbscan [2013/01/10 10:14] 158.181.88.241 |
bash:examples:smbscan [2024/02/16 01:04] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== smbscan.sh ====== | ||
| + | |||
| + | Requirements\\ | ||
| + | smbmount, smbclient,nmblookup (samba tools)\\ | ||
| + | nmap (Network Mapper)\\ | ||
| + | grep, sed, dialog\\ | ||
| + | |||
| + | |||
| + | a smb scanner written in shell by me \\ | ||
| + | <file bash smbscan.sh> | ||
| + | #!/bin/bash | ||
| + | # This script scans smb servers a given network | ||
| + | # and mounts anonymous shared directories | ||
| + | # example: ./smbscan.sh or ./smbscan iprange | ||
| + | # http://www.code-reference.com/ | ||
| + | |||
| + | # clean old temp files | ||
| + | #rm -f *.out | ||
| + | |||
| + | if [ `id -u` -ne 0 ]; then | ||
| + | echo "You must be root to use this script." | ||
| + | exit 1 | ||
| + | fi | ||
| + | |||
| + | FILESYSTEM=cifs | ||
| + | SMBM=/usr/bin/smbmount | ||
| + | SMBC=/usr/bin/smbclient | ||
| + | NMBL=/usr/bin/nmblookup | ||
| + | NMAP=/usr/bin/nmap | ||
| + | GREP=/bin/grep | ||
| + | SED=/bin/sed | ||
| + | DIALOG=/usr/bin/dialog | ||
| + | #WHIP=/usr/bin/whiptail | ||
| + | CHARSET="iso8859-1" | ||
| + | # BUNT 1 = Console | ||
| + | # BUNT 0 = with Whiptail or dialog graphics | ||
| + | BUNT=1 | ||
| + | TIMEOUT=5 | ||
| + | |||
| + | #test -x $WHIP | ||
| + | test -x $DIALOG && DIALOG=$DIALOG | ||
| + | #test -x $WHIP || BUNT=0 | ||
| + | test -x $SMBM || { echo -e 'smbmount not found !';exit 1; } | ||
| + | test -x $SMBC || { echo -e 'smbclient not found !';exit 1; } | ||
| + | test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; } | ||
| + | test -x $NMAP || { echo -e 'nmap not found !';exit 1; } | ||
| + | test -x $GREP || { echo -e 'grep not found !';exit 1; } | ||
| + | test -x $SED || { echo -e 'sed not found !';exit 1; } | ||
| + | # hehe i know that suxx ;) | ||
| + | clear | ||
| + | |||
| + | function script_kiddie() { | ||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1" | ||
| + | else | ||
| + | $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20 | ||
| + | fi | ||
| + | exit 1 | ||
| + | } | ||
| + | script_kiddie | ||
| + | |||
| + | if [ $# -eq 1 ] | ||
| + | then | ||
| + | echo "$1" > ./out | ||
| + | else | ||
| + | $DIALOG --title "SMBscan v.1.1" --inputbox " Written by cd ;) | ||
| + | |||
| + | Please enter IP range | ||
| + | e.g 10.0.0.1-24 or 10.0.1-255.5-30 | ||
| + | or type ./smbscan 10.0.0.1-254 | ||
| + | |||
| + | http://code-reference.com <- get newest version" 13 50 2> ./out | ||
| + | fi | ||
| + | |||
| + | function check_it(){ | ||
| + | SUM=0 | ||
| + | X=`cat ./out | wc -c` | ||
| + | SUM=`expr $SUM + $X` | ||
| + | } | ||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | # test -e $1 || { echo -e "$0 [ip room]"; exit 1; } | ||
| + | echo "Written by cd ;)" | ||
| + | echo "Scan started against to $1 on port 139" | ||
| + | echo "This can take a while" | ||
| + | fi | ||
| + | |||
| + | check_it | ||
| + | IP=`cat ./out` | ||
| + | rm -f ./out | ||
| + | # i think that is the fastest, we whant to scan only 1 port ... not more | ||
| + | $NMAP -p 139 -PN -T 5 -sT -v -v $IP -oG ./$IP.out | $GREP Host | ||
| + | cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out | ||
| + | rm -f ./$IP.out | ||
| + | check_it | ||
| + | if [ $SUM = 0 ] | ||
| + | then | ||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | echo " | ||
| + | No SMB Server found. | ||
| + | |||
| + | Thanks for use ..." | ||
| + | rm -f ./out | ||
| + | exit 1 | ||
| + | else | ||
| + | $DIALOG --title "Sorry" --infobox " | ||
| + | No SMB Server found ! | ||
| + | |||
| + | Thanks for use ... " 7 30 | ||
| + | rm -f ./out | ||
| + | exit 1 | ||
| + | fi | ||
| + | fi | ||
| + | |||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | echo "Please wait... | ||
| + | Searching 4 Shared Directories" | ||
| + | else | ||
| + | $DIALOG --infobox "Please wait ! | ||
| + | Searching 4 Shared Directories..." 5 40 | ||
| + | fi | ||
| + | while read host ; | ||
| + | do | ||
| + | # Get Computer name | ||
| + | echo "Try $host..." | ||
| + | echo "Searching Name via nmblookup (B)" | ||
| + | name=`$NMBL -A $host | $GREP "<00> - B <ACTIVE>" | awk '{print $1}'` | ||
| + | |||
| + | # Get Workgroup name | ||
| + | workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'` | ||
| + | |||
| + | # if name not set so use this one | ||
| + | workgroup=${workgroup:=WORKGROUP} | ||
| + | |||
| + | name=${name:=IG_IT_IG_IT} | ||
| + | |||
| + | if [ $name = "IG_IT_IG_IT" ] | ||
| + | then | ||
| + | echo "Searching name via nmblookup (M)" | ||
| + | name=`$NMBL -A $host | $GREP "<00> - M <ACTIVE>" | awk '{print $1}'` | ||
| + | fi | ||
| + | name=${name:=NONAME} | ||
| + | |||
| + | if [ $name = "NONAME" ] | ||
| + | then | ||
| + | echo "Searching Name via nmblookup (H)" | ||
| + | name=`$NMBL -A $host | $GREP "<00> - H <ACTIVE>" | awk '{print $1}'` | ||
| + | fi | ||
| + | name=${name:=NO_NAME} | ||
| + | |||
| + | if [ $name = "NO_NAME" ] | ||
| + | then | ||
| + | echo "Searching Name via Smbclient ... using Servername" | ||
| + | name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2` | ||
| + | fi | ||
| + | name=${name:=NAME_NOT_FOUND} | ||
| + | |||
| + | |||
| + | |||
| + | # search for shared folders | ||
| + | echo "looking for shared directorys on $host" | ||
| + | # kill old sleep process | ||
| + | kill -9 `pidof sleep` 2&>1 | ||
| + | $SMBC -W "$workgroup" -n "fuckup" -N -L $host -g -p 139 | grep Disk | cut -f 2 -d '|' > ./$host.shares | ||
| + | # set Timeout to kill connections that take to long 10 sec is ok i think | ||
| + | sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1 | ||
| + | |||
| + | exist=0 | ||
| + | while read LIST ; | ||
| + | do | ||
| + | exist=1 | ||
| + | #make directory for the shares | ||
| + | mkdir -p ./"$name-$host/$LIST" | ||
| + | #add a logfile | ||
| + | #touch ./"$name-$host/ip-is-$host" | ||
| + | $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8 | ||
| + | |||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | echo "trying to mount //$host/$LIST into ./$name-$host/$LIST" | ||
| + | else | ||
| + | $DIALOG --infobox "trying to mount //$host/$LIST into ./$name/$LIST" 10 60 | ||
| + | fi | ||
| + | if [ $exist = 1 ] | ||
| + | then | ||
| + | #write some useful or not very useful informations into a log | ||
| + | echo " | ||
| + | $name - $host | ||
| + | Last found: `date` | ||
| + | Mapped : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" | ||
| + | fi | ||
| + | done < ./$host.shares | ||
| + | # echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host" | ||
| + | |||
| + | rm -f ./$host.shares | ||
| + | done < ./out | ||
| + | |||
| + | mount | $GREP $FILESYSTEM > ./mounts | ||
| + | if [ $BUNT -eq 1 ] | ||
| + | then | ||
| + | echo " | ||
| + | SMBScan v 1.1 -> listing mounted smb file systems | ||
| + | |||
| + | `cat ./mounts | more` | ||
| + | " | ||
| + | else | ||
| + | $DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60 | ||
| + | fi | ||
| + | rm -f ./mounts | ||
| + | rm -f ./out | ||
| + | </file> | ||
| + | \\ | ||
| + | and the umount script for this smb scanner\\ | ||
| + | \\ | ||
| + | <file bash umountall.sh> | ||
| + | #!/bin/sh | ||
| + | #get forced | ||
| + | echo "unmounting smb file systems (force)" | ||
| + | umount */*/* | ||
| + | #umount `mount | grep smbfs | awk '{print $3}'` | ||
| + | kill -9 `ps aux | grep mount.cifs | awk '{print $2}'` | ||
| + | </file> | ||
on the occasion of the current invasion of Russia in Ukraine
bash/examples/smbscan.txt · Last modified: 2024/02/16 01:04 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
