#!/usr/bin/env python3
import argparse
import sys
from concurrent.futures import ThreadPoolExecutor as PoolExecutor
from netaddr import *
from impacket.dcerpc.v5 import samr, transport, srvs
from impacket.dcerpc.v5.dtypes import NULL
from impacket.smbconnection import *
## FUNCTIONS
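def is_ntlm(password):
    """Return True if *password* looks like an ``LMHASH:NTHASH`` pair.

    The value is treated as a hash pair only when it consists of exactly two
    colon-separated fields, each 32 hexadecimal characters long. Anything
    else (including non-string input) is treated as a plain password and
    yields False.

    Args:
        password: The credential string supplied by the operator.

    Returns:
        bool: True for a well-formed hash pair, False otherwise. The result
        is always a real bool, never None.
    """
    if not isinstance(password, str):
        return False

    fields = password.split(':')
    if len(fields) != 2:
        return False

    # Check the character set as well as the length, so that a 65-character
    # passphrase with a colon in the middle is not mistaken for a hash pair
    # and sent down the hash-authentication path.
    hex_digits = set('0123456789abcdefABCDEF')
    return all(len(field) == 32 and set(field) <= hex_digits for field in fields)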
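def list_details(host, username, password, domain, check_access):
    """Authenticate to *host* over SMB and print one CSV line about it.

    Connects to TCP/445 with a 4 second timeout, logs in with either a
    plaintext password or an ``LMHASH:NTHASH`` pair (as detected by
    ``is_ntlm``), writes ``host,<server OS>`` to stdout and logs off.
    Connection and login failures are reported on stderr and the function
    returns without writing to stdout.

    Args:
        host: Target address, used both as remote name and remote host.
        username: SMB user name ('' for an anonymous/null session attempt).
        password: Plaintext password or ``LMHASH:NTHASH`` string.
        domain: SMB domain to authenticate against.
        check_access: Accepted for interface compatibility; not used here.

    Returns:
        None
    """
    try:
        smb = SMBConnection(host, host, sess_port=445, timeout=4)
        if is_ntlm(password):
            lmhash, nthash = password.split(':')
            smb.login(username, '', domain=domain, lmhash=lmhash, nthash=nthash)
        else:
            smb.login(username, password, domain=domain)
    except Exception as e:
        sys.stderr.write('[!] %s : %s\n' % (host, e))
        return

    try:
        # NOTE(review): the original line formatted an undefined name
        # (share_name), which raised NameError inside the worker thread and
        # produced no output at all. The script is named smb-version, so the
        # server OS string reported during session setup is presumably the
        # intended value - confirm against the author's intent.
        server_os = smb.getServerOS()
        sys.stdout.write(f"{host},{server_os}\n")
        sys.stdout.flush()
    except Exception as e:
        sys.stderr.write('[!] %s : %s\n' % (host, e))
    finally:
        # Always end the session, even when reporting failed, so that
        # authenticated sessions are not left open on the remote server.
        try:
            smb.logoff()
        except Exception as e:
            sys.stderr.write('[!] %s : %s\n' % (host, e))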
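## MAIN
# Parse the command line, read the target list, then query every target
# through a bounded thread pool.
#
# NOTE: a password or hash passed with -p is visible in the process list and
# in shell history on the host running this script; use a dedicated,
# low-privilege audit account where possible.
parser = argparse.ArgumentParser(description='List shares on target hosts')
parser.add_argument('-u','--user',help='SMB user to connect with', default='', required=False)
parser.add_argument('-p','--password',help='SMB password to connect with', default='', required=False)
parser.add_argument('-d','--domain',help='SMB domain to connect with', default='', required=False)
# type=int: without it a value given on the command line stays a string and
# ThreadPoolExecutor rejects it.
parser.add_argument('-t','--threads',help='Number of threads (Default: 10)', default=10, type=int, required=False)
parser.add_argument('file',
                    nargs='?',
                    type=argparse.FileType('r'),
                    action='store',
                    help='File containing a list of IP addresses / ranges split by a newline, otherwise read from STDIN',
                    metavar='FILE',
                    default=sys.stdin)
args = parser.parse_args()

try:
    # Skip blank lines and comment lines; each remaining line is passed to
    # list_details verbatim as one host (no range expansion happens here).
    targets = []
    for line in args.file:
        entry = line.strip()
        if entry and not entry.startswith('#'):
            targets.append(entry)
except KeyboardInterrupt:
    sys.exit()

with PoolExecutor(args.threads) as pool:
    # The parser defines no --access option, so the original args.access
    # raised AttributeError before any work was submitted. list_details does
    # not use check_access, so a constant False is passed.
    futures = {
        pool.submit(list_details, target, args.user, args.password, args.domain, False): target
        for target in targets
    }
    # Retrieve every result so that an exception raised in a worker is
    # reported instead of being silently discarded by the executor.
    for future, target in futures.items():
        try:
            future.result()
        except Exception as e:
            sys.stderr.write('[!] %s : %s\n' % (target, e))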