SMBSR - Lookup For Interesting Stuff In SMB Shares

Well, SMBSR is a python script which given a CIDR/IP/IP_file/HOSTNAME(s) enumerates all the SMB services listening (445) among the targets and tries to authenticate against them; if the authentication succeed then all the folders and subfolders are visited recursively in order to find secrets in files and ... secret files. In order to scan the targets for SMB ports open the masscan module is used. SMBSR consides someting interesting basing on its:

Content Exstension Name

The interesting keywords the tool should look for are defined via the command line as well as:

File extension blacklist Folder blacklist (Watch out, also subfolders are gone) Number of Threads Should i masscan or not? Interesting file extensions (I guess something like ppk, kdbx, ...) Maximum file size (Bytes) allowed to be checked (Believe me, too big might take some time) Should i export the results in two nice CSV files? How deep should i look into subfolders? Other common ones and required

Of course everything is saved locally in a SQlite Database. The database containes one table for the "hopefully it's a DA password" match, called smbsr containing the following columns:

file share ip position matchedWith Creation Date Last Modified Date Last Accessed Date Count (If more then one match on the same file, this one is incremented)

And also another table for the interesting file list containing the following columns:

file share ip Creation Date Last Modified Date Last Accessed Date

Requirements

Usage

For instance, from the project folder:

Coming Soon(?)

LDAP Integration in order to retrieve the list of computer objects Everyone who is going to help out finding issues and improving Retrospected: For helping out every Friday with debugging the code and brainstorming on new features