User Tools

Site Tools


Sidebar

Programming Reference/Librarys

Question & Answer

Q&A is closed







bash:examples:smbscan

smbscan.sh

Requirements
smbmount, smbclient,nmblookup (samba tools)
nmap (Network Mapper)
grep, sed, dialog

a smb scanner written in shell by me

smbscan.sh
#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.code-reference.com/ 
 
# clean old temp files
#rm -f *.out
 
if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi
 
FILESYSTEM=cifs
SMBM=/usr/bin/smbmount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
DIALOG=/usr/bin/dialog
#WHIP=/usr/bin/whiptail
CHARSET="iso8859-1"
# BUNT 1 = Console
# BUNT 0 = with Whiptail or dialog graphics
BUNT=1
TIMEOUT=5
 
#test -x $WHIP
test -x $DIALOG && DIALOG=$DIALOG
#test -x $WHIP || BUNT=0
test -x $SMBM || { echo -e 'smbmount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }
# hehe i know that suxx ;)
clear
 
function script_kiddie() {
if [ $BUNT -eq 1 ]
then
    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1"
	else
	    $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20
fi
exit 1 
}
script_kiddie
 
if [ $# -eq 1 ]
then
    echo "$1" > ./out
        else
	    $DIALOG --title "SMBscan v.1.1" --inputbox "                Written by cd ;)
 
Please enter IP range
e.g 10.0.0.1-24 or 10.0.1-255.5-30
or type ./smbscan 10.0.0.1-254
 
http://code-reference.com <- get newest version" 13 50 2> ./out
fi
 
function check_it(){
SUM=0
X=`cat ./out | wc -c`
SUM=`expr $SUM + $X`
}
if [ $BUNT -eq 1 ]
    then
#	test -e $1 || { echo -e "$0 [ip room]"; exit 1; }
	    echo "Written by cd ;)"
	    echo "Scan started against to $1 on port 139"
	    echo "This can take a while"
fi
 
check_it
IP=`cat ./out`
rm -f ./out
# i think that is the fastest, we whant to scan only 1 port ... not more 
$NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
rm -f ./$IP.out
check_it
if [ $SUM = 0 ]
    then 
	if [ $BUNT -eq 1 ]
	    then
echo "
    No SMB Server found.
 
      Thanks for use ..."
		rm -f ./out
		exit 1
		    else
			$DIALOG --title "Sorry" --infobox "
    No SMB Server found !
 
      Thanks for use ... " 7 30
			rm -f ./out
			exit 1
	fi
fi
 
if [ $BUNT -eq 1 ]
    then
	echo "Please wait...
      Searching 4 Shared Directories"
	else
	    $DIALOG --infobox "Please wait !
Searching 4 Shared Directories..." 5 40
fi
while read host ;
    do
	# Get Computer name
	echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
	name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`
 
	# Get Workgroup name
	workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`
 
	# if name not set so use this one
	workgroup=${workgroup:=WORKGROUP}
 
	name=${name:=IG_IT_IG_IT}
 
if [ $name = "IG_IT_IG_IT" ]
    then
	echo "Searching name via nmblookup (M)"
	name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}
 
if [ $name = "NONAME" ]
    then
	echo "Searching Name via nmblookup (H)"
	name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}
 
if [ $name = "NO_NAME" ]
    then
	echo "Searching Name via Smbclient ... using Servername"
	name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    name=${name:=NAME_NOT_FOUND}
 
 
 
	# search for shared folders
	echo "looking for shared directorys on $host"
	# kill old sleep process
	kill -9 `pidof sleep` 2&>1
	$SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
	sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1
 
	    exist=0
	    while read LIST ;
	    		do
		    exist=1
		    #make directory for the shares
		    mkdir -p ./"$name-$host/$LIST"
		    #add a logfile
		    #touch ./"$name-$host/ip-is-$host"
		    $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8
 
			if [ $BUNT -eq 1 ]
			    then
				echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
			    else
				$DIALOG --infobox  "trying to mount //$host/$LIST into ./$name/$LIST" 10 60
			fi
		if [ $exist = 1 ]
		then
		    #write some useful or not very useful informations into a log 
		    echo " 
		    $name - $host
		    Last found: `date`
		    Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
		fi
	    done < ./$host.shares
#	    echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host"
 
rm -f ./$host.shares
done < ./out
 
mount | $GREP $FILESYSTEM > ./mounts
if [ $BUNT -eq 1 ]
    then
	echo "
SMBScan v 1.1 -> listing mounted smb file systems
 
`cat ./mounts | more`
"
    else
	$DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60
fi
rm -f ./mounts
rm -f ./out


and the umount script for this smb scanner

umountall.sh
#!/bin/sh
#get forced
echo "unmounting smb file systems (force)"
umount */*/*
#umount `mount | grep smbfs | awk '{print $3}'`
kill -9 `ps aux | grep mount.cifs | awk '{print $2}'`

on the occasion of the current invasion of Russia in Ukraine

Russian Stop this War
bash/examples/smbscan.txt · Last modified: 2024/02/16 01:04 (external edit)

Impressum Datenschutz