This shows you the differences between two versions of the page.
bash:examples:smbscan [2013/01/10 10:15] 158.181.88.241 |
bash:examples:smbscan [2024/02/16 01:04] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== smbscan.sh ====== | ||
+ | |||
+ | Requirements\\ | ||
+ | smbmount, smbclient,nmblookup (samba tools)\\ | ||
+ | nmap (Network Mapper)\\ | ||
+ | grep, sed, dialog\\ | ||
+ | |||
+ | |||
+ | a smb scanner written in shell by me \\ | ||
+ | <file bash smbscan.sh> | ||
+ | #!/bin/bash | ||
+ | # This script scans smb servers a given network | ||
+ | # and mounts anonymous shared directories | ||
+ | # example: ./smbscan.sh or ./smbscan iprange | ||
+ | # http://www.code-reference.com/ | ||
+ | |||
+ | # clean old temp files | ||
+ | #rm -f *.out | ||
+ | |||
+ | if [ `id -u` -ne 0 ]; then | ||
+ | echo "You must be root to use this script." | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | FILESYSTEM=cifs | ||
+ | SMBM=/usr/bin/smbmount | ||
+ | SMBC=/usr/bin/smbclient | ||
+ | NMBL=/usr/bin/nmblookup | ||
+ | NMAP=/usr/bin/nmap | ||
+ | GREP=/bin/grep | ||
+ | SED=/bin/sed | ||
+ | DIALOG=/usr/bin/dialog | ||
+ | #WHIP=/usr/bin/whiptail | ||
+ | CHARSET="iso8859-1" | ||
+ | # BUNT 1 = Console | ||
+ | # BUNT 0 = with Whiptail or dialog graphics | ||
+ | BUNT=1 | ||
+ | TIMEOUT=5 | ||
+ | |||
+ | #test -x $WHIP | ||
+ | test -x $DIALOG && DIALOG=$DIALOG | ||
+ | #test -x $WHIP || BUNT=0 | ||
+ | test -x $SMBM || { echo -e 'smbmount not found !';exit 1; } | ||
+ | test -x $SMBC || { echo -e 'smbclient not found !';exit 1; } | ||
+ | test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; } | ||
+ | test -x $NMAP || { echo -e 'nmap not found !';exit 1; } | ||
+ | test -x $GREP || { echo -e 'grep not found !';exit 1; } | ||
+ | test -x $SED || { echo -e 'sed not found !';exit 1; } | ||
+ | # hehe i know that suxx ;) | ||
+ | clear | ||
+ | |||
+ | function script_kiddie() { | ||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1" | ||
+ | else | ||
+ | $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20 | ||
+ | fi | ||
+ | exit 1 | ||
+ | } | ||
+ | script_kiddie | ||
+ | |||
+ | if [ $# -eq 1 ] | ||
+ | then | ||
+ | echo "$1" > ./out | ||
+ | else | ||
+ | $DIALOG --title "SMBscan v.1.1" --inputbox " Written by cd ;) | ||
+ | |||
+ | Please enter IP range | ||
+ | e.g 10.0.0.1-24 or 10.0.1-255.5-30 | ||
+ | or type ./smbscan 10.0.0.1-254 | ||
+ | |||
+ | http://code-reference.com <- get newest version" 13 50 2> ./out | ||
+ | fi | ||
+ | |||
+ | function check_it(){ | ||
+ | SUM=0 | ||
+ | X=`cat ./out | wc -c` | ||
+ | SUM=`expr $SUM + $X` | ||
+ | } | ||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | # test -e $1 || { echo -e "$0 [ip room]"; exit 1; } | ||
+ | echo "Written by cd ;)" | ||
+ | echo "Scan started against to $1 on port 139" | ||
+ | echo "This can take a while" | ||
+ | fi | ||
+ | |||
+ | check_it | ||
+ | IP=`cat ./out` | ||
+ | rm -f ./out | ||
+ | # i think that is the fastest, we whant to scan only 1 port ... not more | ||
+ | $NMAP -p 139 -PN -T 5 -sT -v -v $IP -oG ./$IP.out | $GREP Host | ||
+ | cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out | ||
+ | rm -f ./$IP.out | ||
+ | check_it | ||
+ | if [ $SUM = 0 ] | ||
+ | then | ||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | echo " | ||
+ | No SMB Server found. | ||
+ | |||
+ | Thanks for use ..." | ||
+ | rm -f ./out | ||
+ | exit 1 | ||
+ | else | ||
+ | $DIALOG --title "Sorry" --infobox " | ||
+ | No SMB Server found ! | ||
+ | |||
+ | Thanks for use ... " 7 30 | ||
+ | rm -f ./out | ||
+ | exit 1 | ||
+ | fi | ||
+ | fi | ||
+ | |||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | echo "Please wait... | ||
+ | Searching 4 Shared Directories" | ||
+ | else | ||
+ | $DIALOG --infobox "Please wait ! | ||
+ | Searching 4 Shared Directories..." 5 40 | ||
+ | fi | ||
+ | while read host ; | ||
+ | do | ||
+ | # Get Computer name | ||
+ | echo "Try $host..." | ||
+ | echo "Searching Name via nmblookup (B)" | ||
+ | name=`$NMBL -A $host | $GREP "<00> - B <ACTIVE>" | awk '{print $1}'` | ||
+ | |||
+ | # Get Workgroup name | ||
+ | workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'` | ||
+ | |||
+ | # if name not set so use this one | ||
+ | workgroup=${workgroup:=WORKGROUP} | ||
+ | |||
+ | name=${name:=IG_IT_IG_IT} | ||
+ | |||
+ | if [ $name = "IG_IT_IG_IT" ] | ||
+ | then | ||
+ | echo "Searching name via nmblookup (M)" | ||
+ | name=`$NMBL -A $host | $GREP "<00> - M <ACTIVE>" | awk '{print $1}'` | ||
+ | fi | ||
+ | name=${name:=NONAME} | ||
+ | |||
+ | if [ $name = "NONAME" ] | ||
+ | then | ||
+ | echo "Searching Name via nmblookup (H)" | ||
+ | name=`$NMBL -A $host | $GREP "<00> - H <ACTIVE>" | awk '{print $1}'` | ||
+ | fi | ||
+ | name=${name:=NO_NAME} | ||
+ | |||
+ | if [ $name = "NO_NAME" ] | ||
+ | then | ||
+ | echo "Searching Name via Smbclient ... using Servername" | ||
+ | name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2` | ||
+ | fi | ||
+ | name=${name:=NAME_NOT_FOUND} | ||
+ | |||
+ | |||
+ | |||
+ | # search for shared folders | ||
+ | echo "looking for shared directorys on $host" | ||
+ | # kill old sleep process | ||
+ | kill -9 `pidof sleep` 2&>1 | ||
+ | $SMBC -W "$workgroup" -n "fuckup" -N -L $host -g -p 139 | grep Disk | cut -f 2 -d '|' > ./$host.shares | ||
+ | # set Timeout to kill connections that take to long 10 sec is ok i think | ||
+ | sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1 | ||
+ | |||
+ | exist=0 | ||
+ | while read LIST ; | ||
+ | do | ||
+ | exist=1 | ||
+ | #make directory for the shares | ||
+ | mkdir -p ./"$name-$host/$LIST" | ||
+ | #add a logfile | ||
+ | #touch ./"$name-$host/ip-is-$host" | ||
+ | $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8 | ||
+ | |||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | echo "trying to mount //$host/$LIST into ./$name-$host/$LIST" | ||
+ | else | ||
+ | $DIALOG --infobox "trying to mount //$host/$LIST into ./$name/$LIST" 10 60 | ||
+ | fi | ||
+ | if [ $exist = 1 ] | ||
+ | then | ||
+ | #write some useful or not very useful informations into a log | ||
+ | echo " | ||
+ | $name - $host | ||
+ | Last found: `date` | ||
+ | Mapped : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" | ||
+ | fi | ||
+ | done < ./$host.shares | ||
+ | # echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host" | ||
+ | |||
+ | rm -f ./$host.shares | ||
+ | done < ./out | ||
+ | |||
+ | mount | $GREP $FILESYSTEM > ./mounts | ||
+ | if [ $BUNT -eq 1 ] | ||
+ | then | ||
+ | echo " | ||
+ | SMBScan v 1.1 -> listing mounted smb file systems | ||
+ | |||
+ | `cat ./mounts | more` | ||
+ | " | ||
+ | else | ||
+ | $DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60 | ||
+ | fi | ||
+ | rm -f ./mounts | ||
+ | rm -f ./out | ||
+ | </file> | ||
+ | \\ | ||
+ | and the umount script for this smb scanner\\ | ||
+ | \\ | ||
+ | <file bash umountall.sh> | ||
+ | #!/bin/sh | ||
+ | #get forced | ||
+ | echo "unmounting smb file systems (force)" | ||
+ | umount */*/* | ||
+ | #umount `mount | grep smbfs | awk '{print $3}'` | ||
+ | kill -9 `ps aux | grep mount.cifs | awk '{print $2}'` | ||
+ | </file> | ||