

bash:examples:smbscan

Differences

This shows you the differences between two versions of the page.


bash:examples:smbscan [2013/01/10 10:14]
158.181.88.241
bash:examples:smbscan [2013/01/10 10:15] (current)
158.181.88.241
Line 1: Line 1:
 +====== smbscan.sh ======
 +
 +Requirements\\
 +smbmount, smbclient,nmblookup (samba tools)\\
 +nmap (Network Mapper)\\
 +grep, sed, dialog\\
 +
 +
 + a smb scanner written in shell by me \\
 +<file bash smbscan.sh>
 +#!/bin/bash
 +# This script scans smb servers a given network
 +# and mounts anonymous shared directories
 +# example: ./smbscan.sh or ./smbscan iprange
 +# http://www.code-reference.com/ 
 +
 +# clean old temp files
 +#rm -f *.out
 +
 +if [ `id -u` -ne 0 ]; then
 +  echo "You must be root to use this script."
 +  exit 1
 +fi
 +
 +FILESYSTEM=cifs
 +SMBM=/usr/bin/smbmount
 +SMBC=/usr/bin/smbclient
 +NMBL=/usr/bin/nmblookup
 +NMAP=/usr/bin/nmap
 +GREP=/bin/grep
 +SED=/bin/sed
 +DIALOG=/usr/bin/dialog
 +#WHIP=/usr/bin/whiptail
 +CHARSET="iso8859-1"
 +# BUNT 1 = Console
 +# BUNT 0 = with Whiptail or dialog graphics
 +BUNT=1
 +TIMEOUT=5
 +
 +#test -x $WHIP
 +test -x $DIALOG && DIALOG=$DIALOG
 +#test -x $WHIP || BUNT=0
 +test -x $SMBM || { echo -e 'smbmount not found !';exit 1; }
 +test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
 +test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
 +test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
 +test -x $GREP || { echo -e 'grep not found !';exit 1; }
 +test -x $SED || { echo -e 'sed not found !';exit 1; }
 +# hehe i know that suxx ;)
 +clear
 +
 +function script_kiddie() {
 +if [ $BUNT -eq 1 ]
 +then
 +    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1"
 + else
 +     $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20
 +fi
 +exit 1 
 +}
 +script_kiddie
 +
 +if [ $# -eq 1 ]
 +then
 +    echo "$1" > ./out
 +        else
 +     $DIALOG --title "SMBscan v.1.1" --inputbox "                Written by cd ;)
 +
 +Please enter IP range
 +e.g 10.0.0.1-24 or 10.0.1-255.5-30
 +or type ./smbscan 10.0.0.1-254
 +
 +http://code-reference.com <- get newest version" 13 50 2> ./out
 +fi
 +
 +function check_it(){
 +SUM=0
 +X=`cat ./out | wc -c`
 +SUM=`expr $SUM + $X`
 +}
 +if [ $BUNT -eq 1 ]
 +    then
 +# test -e $1 || { echo -e "$0 [ip room]"; exit 1; }
 +     echo "Written by cd ;)"
 +     echo "Scan started against to $1 on port 139"
 +     echo "This can take a while"
 +fi
 +
 +check_it
 +IP=`cat ./out`
 +rm -f ./out
 +# i think that is the fastest, we whant to scan only 1 port ... not more 
 +$NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
 +cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
 +rm -f ./$IP.out
 +check_it
 +if [ $SUM = 0 ]
 +    then 
 + if [ $BUNT -eq 1 ]
 +     then
 +echo "
 +    No SMB Server found.
 +
 +      Thanks for use ..."
 + rm -f ./out
 + exit 1
 +     else
 + $DIALOG --title "Sorry" --infobox "
 +    No SMB Server found !
 +     
 +      Thanks for use ... " 7 30
 + rm -f ./out
 + exit 1
 + fi
 +fi
 +
 +if [ $BUNT -eq 1 ]
 +    then
 + echo "Please wait...
 +      Searching 4 Shared Directories"
 + else
 +     $DIALOG --infobox "Please wait !
 +Searching 4 Shared Directories..." 5 40
 +fi
 +while read host ;
 +    do
 + # Get Computer name
 + echo "Try $host..."
 +        echo "Searching Name via nmblookup (B)"
 + name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`
 +
 + # Get Workgroup name
 + workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`
 +
 + # if name not set so use this one
 + workgroup=${workgroup:=WORKGROUP}
 +
 + name=${name:=IG_IT_IG_IT}
 +
 +if [ $name = "IG_IT_IG_IT" ]
 +    then
 + echo "Searching name via nmblookup (M)"
 + name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
 +    fi 
 +    name=${name:=NONAME}
 +
 +if [ $name = "NONAME" ]
 +    then
 + echo "Searching Name via nmblookup (H)"
 + name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
 +    fi
 +    name=${name:=NO_NAME}
 +
 +if [ $name = "NO_NAME" ]
 +    then
 + echo "Searching Name via Smbclient ... using Servername"
 + name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
 +    fi
 +    name=${name:=NAME_NOT_FOUND}
 +
 +
 +
 + # search for shared folders
 + echo "looking for shared directorys on $host"
 + # kill old sleep process
 + kill -9 `pidof sleep` 2&>1
 + $SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
 +        # set Timeout to kill connections that take to long 10 sec is ok i think
 + sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1
 +     
 +     exist=0
 +     while read LIST ;
 +     do
 +     exist=1
 +     #make directory for the shares
 +     mkdir -p ./"$name-$host/$LIST"
 +     #add a logfile
 +     #touch ./"$name-$host/ip-is-$host"
 +     $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8
 +
 + if [ $BUNT -eq 1 ]
 +     then
 + echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
 +     else
 + $DIALOG --infobox  "trying to mount //$host/$LIST into ./$name/$LIST" 10 60
 + fi
 + if [ $exist = 1 ]
 + then
 +     #write some useful or not very useful informations into a log 
 +     echo " 
 +     $name - $host
 +     Last found: `date`
 +     Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
 + fi
 +     done < ./$host.shares
 +#     echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host"
 +
 +rm -f ./$host.shares
 +done < ./out
 +
 +mount | $GREP $FILESYSTEM > ./mounts
 +if [ $BUNT -eq 1 ]
 +    then
 + echo "
 +SMBScan v 1.1 -> listing mounted smb file systems
 +
 +`cat ./mounts | more`
 +"
 +    else
 + $DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60
 +fi
 +rm -f ./mounts
 +rm -f ./out
 +</file>
 +\\
 +and the umount script for this smb scanner\\
 +\\
 +<file bash umountall.sh>
 +#!/bin/sh
 +#get forced
 +echo "unmounting smb file systems (force)"
 +umount */*/*
 +#umount `mount | grep smbfs | awk '{print $3}'`
 +kill -9 `ps aux | grep mount.cifs | awk '{print $2}'`
 +</file>
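Review bot: The NetBIOS name and the share names returned by each scanned host are used unvalidated, as root, to build local paths in the inner `while read LIST` loop of smbscan.sh (`mkdir -p ./"$name-$host/$LIST"` and the `$SMBM` mount target), so a server that answers with `/` or `..` in either value decides where directories are created and where a share gets mounted. Both values should be constrained before use, for example `name=${name//[^A-Za-z0-9_.-]/_}` after the name lookups and `case "$LIST" in ''|.|..|*/*) continue ;; esac` at the top of the loop, with `read -r` on both loops. The unquoted `[ $name = "NONAME" ]` style tests take the same remote value and should quote it. Separately, `2&>1` on the two `kill -9` lines is not `2>&1`: bash parses it as an extra argument `2` plus a redirect of all output into a file named `1`, and killing every PID that `pidof sleep` returns, as root, signals unrelated `sleep` processes on the machine rather than one this script started.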
  
bash/examples/smbscan.txt · Last modified: 2013/01/10 10:15 by 158.181.88.241
