Python script used in internal red team/pen test engagements looking for SMB shares that have hard coded creds. After coming across hard coded creds in SMB shares throughout various engagements (I know, I know... but I was still finding this mess) I wanted to automate it for quick wins by leveraging impacket and my ugly Python "skills"...
- Feed it IPs via a static list or an IP range.
- Attempt authentication using a list of known creds.
- Traverse directories with limits to prevent endless recursion
- Check file sizes before downloading or flagging.
- Throttle request rates to avoid network saturation or detection.
- Log my findings (success, errors, flags, etc.) to a file or syslog.
- User has a choice to output to a CSV or JSON file.
Impacket
- Make it work with Slack, Teams, email etc. so blue teams can run it...?
- Include file type filters like .docx, .pdf, .odt, and specific keyword search inside files.
- Add functionality to resume and skip already scanned IPs in case you end up breaking something... :)
- Keyword detection in file names...?
```bash
python smb_scanner.py -i 192.168.1.0/24 -c credentials.txt -r csv
python smb_scanner.py -i targets.txt -c credentials.txt -r json
```
| Option | Description |
| --- | --- |
| `--users` | Username list (one per line) |
| `--passwords` | Password list (one per line) |
| `--max-attempts` | Max username:password attempts per host |
| `--exclude` | Skip scanning certain IPs or CIDR ranges |
| `--report-format` | Save results as csv or json |
Limit attempts to 5 per host, exclude specific IPs, use user and password lists of your choice, and export the results to a .json file:
```bash
python smb_scanner.py -i 192.168.1.0/24 \
  --users users.txt \
  --passwords passwords.txt \
  --max-attempts 5 \
  --exclude 192.168.1.50,192.168.1.100/30 \
  -r json
```
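How a target range and an `--exclude` value such as the one above resolve to an in-scope host list, with the skipped addresses kept for the engagement log. This is an added example, not code from `smb_scanner.py`; the function names are hypothetical and the exclusion semantics (single IPs or CIDRs, comma-separated) are assumed from the option description.

```python
import ipaddress


def parse_networks(entries):
    """Turn IP/CIDR strings into network objects; skip blanks and '#' comments."""
    nets = []
    for raw in entries:
        item = raw.split("#", 1)[0].strip()
        if item:
            # strict=False accepts entries with host bits set (192.168.1.101/30)
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def addresses(net):
    """Usable addresses; /31 and /32 have no network/broadcast address to drop."""
    if net.prefixlen >= net.max_prefixlen - 1:
        return iter(net)
    return net.hosts()


def build_scope(include, exclude=""):
    """Return (targets, skipped): in-scope hosts and the ones removed by exclusions.

    include: iterable of IPs/CIDRs (a one-item list for a range, or file lines)
    exclude: comma-separated IPs/CIDRs, the assumed --exclude format
    """
    excluded = parse_networks(exclude.split(","))
    targets, skipped, seen = [], [], set()
    for net in parse_networks(include):
        for ip in addresses(net):
            if ip in seen:  # de-duplicate overlapping entries
                continue
            seen.add(ip)
            if any(ip.version == ex.version and ip in ex for ex in excluded):
                skipped.append(str(ip))
            else:
                targets.append(str(ip))
    return targets, skipped


if __name__ == "__main__":
    # Constructed input mirroring the command line shown above
    targets, skipped = build_scope(["192.168.1.0/24"],
                                   "192.168.1.50,192.168.1.100/30")
    print(f"{len(targets)} hosts in scope, excluded: {', '.join(skipped)}")
```

Logging the `skipped` list alongside the results gives a record that excluded hosts were never contacted.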