smbcrawler is a no-nonsense tool that takes credentials and a list of hosts
and 'crawls' (or 'spiders') through the shares on those hosts. Features:
- takes host names, IP addresses, IP ranges, or an nmap xml file as input
- checks permissions (check for 'write' permissions is opt-in, because it requires creating an empty directory on the share)
- crawling depth is customizable
- threaded
- outputs machine-readable formats (xml, json, grepable)
- pass-the-hash support
- auto-download interesting files
- pausable
Run it like this:
$ smbcrawler -i hosts.txt -u pen.tester -p iluvb0b -d contoso.local \
-t 5 -D 5 -oA smbshares
This yields an xml file (among others), which you can view in a browser.
During run time, you can use the following keys:
- p: pause the crawler and skip single hosts or shares (experimental feature, be careful)
- <space>: print the current progress
Even in medium-sized networks, smbcrawler will find tons of data. The
challenge is to reduce false positives. Another issue is the amount of
memory that is needed to write both the XML and the JSON report. With more
than a few hundred shares, you may want to run smbcrawler on several batches
of hosts. Even though smbcrawler does its best not to lose any information
(and most of it is in the log, which is written to incrementally), it can
happen if lots of shares are found and when it does, it's annoying.
You also may want to run it first with crawling depth 0 to get an idea of
what you're dealing with. In this first run, you can enable the write check
with -w, but note that this will attempt to create a directory on each share.
Its name is smbcrawler_<8 random characters> and will be deleted
immediately, but be aware anyway.
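Because the write check leaves a recognizable directory name, it can be picked out of file-server audit logs afterwards. The following is an added example, not part of smbcrawler: it assumes detailed file share auditing (Windows Security event 5145) exported as one JSON object per line, that the 8 random characters are alphanumeric, and it runs on constructed sample records.

```python
import json
import re
from collections import defaultdict

# Assumption: the 8 random characters are ASCII letters or digits (the page
# only says "8 random characters"); widen the class if your runs differ.
PROBE_DIR = re.compile(r"(?:^|\\)smbcrawler_[A-Za-z0-9]{8}$")

# Constructed sample, one JSON object per line, using field names from
# Windows Security event 5145 (detailed file share). Not real log data.
SAMPLE_EVENTS = r"""
{"EventID": 5145, "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\Finance", "RelativeTargetName": "smbcrawler_a8Kd02Lq"}
{"EventID": 5145, "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\HR", "RelativeTargetName": "smbcrawler_Zq91mmT4"}
{"EventID": 5145, "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\Public", "RelativeTargetName": "smbcrawler_0pQw7Xy2"}
{"EventID": 5145, "IpAddress": "10.0.7.40", "ShareName": "\\\\*\\Public", "RelativeTargetName": "reports\\q3.xlsx"}
{"EventID": 5145, "IpAddress": "10.0.7.40", "ShareName": "\\\\*\\Public", "RelativeTargetName": "smbcrawler_notes.txt"}
{"EventID": 5145, "IpAddress": "10.0.5.23"
"""


def find_write_checks(lines, min_shares=2):
    """Map source IP -> sorted share names where a probe directory was seen.

    Only sources that touched at least min_shares distinct shares are kept,
    since the write check is attempted on each share.
    """
    shares_by_source = defaultdict(set)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(event, dict) or event.get("EventID") != 5145:
            continue
        if PROBE_DIR.search(str(event.get("RelativeTargetName", ""))):
            source = event.get("IpAddress", "unknown")
            shares_by_source[source].add(event.get("ShareName", "unknown"))
    return {ip: sorted(names) for ip, names in shares_by_source.items()
            if len(names) >= min_shares}


if __name__ == "__main__":
    for ip, shares in find_write_checks(SAMPLE_EVENTS.splitlines()).items():
        print(f"{ip}: probe directory seen on {len(shares)} shares: {shares}")
```

The same pattern is useful for cleanup after an interrupted run: any smbcrawler_* directory still present on a share was not deleted.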
Afterwards, you can identify interesting and boring shares for your next run or several runs.
Unless you expect a large amount of data, it makes sense to almost always
run it with -oA to gather the most information.
Hint: Don't increase verbosity, but check progress with tail -f <filename>.log
in another shell. This will make it easier to see the progress report that
is printed when you press <space>.
For more information, run smbcrawler -h.
The following Python libraries are required:
- impacket
- lxml
- Optional: python-libnmap if you want to parse nmap files
Install with:
$ pip3 install --user .
or:
$ python3 setup.py install --user
Alternatively, install dependencies manually and run with:
$ python3 -m smbcrawler
Adrian Vollmer, SySS GmbH
MIT License