---
obj: application
repo: https://github.com/ShawnDEvans/smbmap
source: https://www.kali.org/tools/smbmap
---
# smbmap
SMBMap enumerates SMB ([Samba](../web/Samba.md) and Windows) shares across an entire domain. It lists shares and their permissions, walks share contents, uploads and downloads files, auto-downloads files whose names match a pattern, and can even execute remote commands. The tool was designed with pen testing in mind and is intended to simplify searching for potentially sensitive data across large networks.
## Usage
Usage: `smbmap [options]...`
### Options
#### Main arguments
| Option | Description |
| ------------------------ | --------------------------------------------------- |
| `-H HOST` | IP of host |
| `--host-file FILE` | File containing a list of hosts |
| `-u USERNAME` | Username; if omitted, a null session is assumed |
| `-p PASSWORD` | Password or NTLM hash (format `LMHASH:NTHASH`) |
| `--prompt` | Prompt for a password |
| `-s SHARE` | Specify a share |
| `-d DOMAIN` | Domain name (default WORKGROUP) |
| `-P PORT` | SMB port (default 445) |
| `-v` | Return the OS version of the remote host |
| `--admin` | Just report if the user is an admin |
| `--no-banner` | Removes the banner from the top of the output |
| `--no-color` | Removes the color from output |
| `--no-update` | Removes the "Working on it" message |
| `--timeout SCAN_TIMEOUT` | Set port scan socket timeout. Default is 0.5 seconds |
#### Command Execution
Options for executing commands on the specified host
| Option | Description |
| ---------------- | ---------------------------------------------------------- |
| `-x COMMAND` | Execute a command ex. `ipconfig /all` |
| `--mode CMDMODE` | Set the execution method, `wmi` or `psexec`, default `wmi` |
#### Share drive search
Options for searching/enumerating the share of the specified host(s)
| Option | Description |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| `-L` | List all drives on the specified host, requires ADMIN rights. |
| `-r [PATH]` | Recursively list dirs and files (no share\path lists the root of ALL shares), ex. 'email/backup' |
| `-A PATTERN` | Define a file name pattern ([regex](../../tools/Regex.md)) that auto-downloads a file on a match (requires `-r`); not case sensitive |
| `-g FILE` | Output to a file in a grep friendly format, used with `-r` (otherwise it outputs nothing) |
| `--csv FILE` | Output to a [CSV](../../files/CSV.md) file |
| `--dir-only` | List only directories, omit files. |
| `--no-write-check` | Skip check to see if drive grants WRITE access. |
| `-q` | Quiet verbose output. Only shows shares you have READ or WRITE on, and suppresses file listing when performing a search. |
| `--depth DEPTH` | Traverse a directory tree to a specific depth. (Default: 5) |
| `--exclude SHARE [SHARE ...]` | Exclude share(s) from searching and listing |
#### File Content Search
Options for searching the content of files (must run as root), kind of experimental
| Option | Description |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------ |
| `-F PATTERN` | File content search, `-F '[Pp]assword'` (requires admin access to execute commands, and PowerShell on victim host) |
| `--search-path PATH` | Specify drive/path to search |
| `--search-timeout TIMEOUT` | Specify a timeout (in seconds) before the file search job gets killed. Default is 300 seconds. |
#### Filesystem interaction
Options for interacting with the specified host's filesystem
| Option | Description |
| ----------------------- | -------------------------------------- |
| `--download PATH` | Download a file from the remote system |
| `--upload SRC DST` | Upload a file to the remote system |
| `--delete PATH TO FILE` | Delete a remote file |
| `--skip` | Skip delete file confirmation prompt |
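## Example workflow
The script below is an added example and is not part of smbmap itself. It wraps the options above into a typical engagement flow: a null-session sweep of a host list, an authenticated share and admin check, then a recursive listing with grep-friendly output and auto-download of files whose names suggest credentials. It assumes `smbmap` is on `PATH`; the excluded shares, the `-A` pattern, the depth and the sample hash (the NT hash of `password` with an empty LM half) are illustrative choices, not smbmap defaults. With `DRY_RUN=1` the wrapper only prints the command line it would run, which is handy for reviewing a sweep before it touches the network.

```shell
#!/bin/sh
# Added example: small smbmap wrapper for a share-enumeration sweep.
# Not smbmap's own code. Assumes smbmap is on PATH when run for real.
set -eu

# Returns 0 if $1 looks like an smbmap-style LMHASH:NTHASH pair, so a
# mistyped hash is caught before it is sent as a "password".
is_ntlm_hash() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{32}:[0-9a-fA-F]{32}$'
}

# smbmap_cmd TARGET USER SECRET DOMAIN [extra smbmap options...]
#   TARGET : a single host (-H) or a readable file of hosts (--host-file)
#   USER   : "" for a null session
#   SECRET : password or LMHASH:NTHASH; "" with a USER means --prompt
#   DOMAIN : "" falls back to WORKGROUP (smbmap's own default)
# Always pass all four positional arguments. Prints the command line when
# DRY_RUN=1, otherwise executes it.
smbmap_cmd() {
    target=$1; user=$2; secret=$3; domain=${4:-WORKGROUP}
    shift 4
    if [ -n "$user" ]; then
        if [ -n "$secret" ]; then
            set -- -u "$user" -p "$secret" "$@"
        else
            set -- -u "$user" --prompt "$@"
        fi
    fi
    if [ -f "$target" ]; then
        set -- --host-file "$target" "$@"
    else
        set -- -H "$target" "$@"
    fi
    # --no-banner/--no-color keep the output parseable when redirected.
    set -- smbmap --no-banner --no-color -d "$domain" "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# sweep HOSTFILE USER SECRET DOMAIN [OUTDIR]
sweep() {
    hosts=$1; user=$2; secret=$3; domain=$4; out=${5:-smbmap-out}
    mkdir -p "$out"
    # 1. Null session: which hosts hand out readable/writable shares anonymously?
    smbmap_cmd "$hosts" '' '' "$domain" -q > "$out/null-session.txt"
    # 2. Authenticated: OS version plus shares we can READ or WRITE (-q),
    #    and smbmap flags hosts where the user is an admin.
    smbmap_cmd "$hosts" "$user" "$secret" "$domain" -q -v > "$out/shares.txt"
    # 3. Recursive listing of readable shares (depth 3, skipping the noisy
    #    default shares), grep-friendly file, auto-download of likely
    #    credential material. Pattern and exclusions are illustrative.
    smbmap_cmd "$hosts" "$user" "$secret" "$domain" -r --depth 3 \
        --exclude 'IPC$' 'print$' SYSVOL NETLOGON \
        -A '(unattend\.xml|web\.config|\.kdbx|\.ppk|id_rsa)' \
        -g "$out/files.txt"
    # 4. Quick triage of the listing by file name.
    grep -iE 'pass|cred|secret' "$out/files.txt" || true
}

# Real run only when invoked with arguments and smbmap is installed, e.g.
#   ./smb-sweep.sh hosts.txt alice 'aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c' CORP
if [ $# -ge 4 ] && command -v smbmap >/dev/null 2>&1; then
    sweep "$@"
fi
```

Step 3 deliberately omits `-q`: the table notes that `-q` suppresses the file listing during a search, and the point of that step is the listing. Keep the auto-download pattern tight; a broad `-A` against a large file server pulls down far more than you want to handle.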