2

I have a case where I need to find all connectable shares on my network, and preferably as much information about the share possible. I could do this manually but its quite a big network and it would be too slow.

If I did it manually Im guessing I would do something like

net view net use //hostname <browse it manually>

This would however not give me hidden shares so its not a viable option.

Does anyone know of a tool which can help me out in this case? I already tried Sysinternals ShareEnum but it did not work properly. It did a half decent job, but it gave me access denied on tons of shares that was actually open.

Any tips in how I can script this is also appriciated.

Thank you

Improve this question
0

1 Answer 1

Reset to default
7

Use nmap + nmap scripts: http://nmap.org/nsedoc/scripts/smb-enum-shares.html

"sudo nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 "

Or stack the options:

nmap -v -sU -sS --min-hostgroup 50 --script=smb-os-discovery --script=smbv2-enabled --script=smb-enum-domains --script=smb-enum-groups --script=smb-enum-processes --script=smb-enum-sessions --script=smb-enum-users --script=smb-security-mode --script=smb-server-stats --script=smb-system-info -p 137,139,445 -oA nmap.smb.scripts.scan.results 10.10.10.10/24

List of all the nmap scripts: http://www.nmap.org/nsedoc/

Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.