smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares. Features:

• takes host names, IP addresses, IP ranges, or an nmap xml file as input
• checks permissions (check for 'write' permissions is opt-in, because it requires creating an empty directory on the share)
• crawling depth is customizable
• threaded
• outputs machine-readable formats (xml, json, grepable)
• pass-the-hash support
• auto-download interesting files
• pausable

Run it like this:

$ smbcrawler -i hosts.txt -u pen.tester -p iluvb0b -d contoso.local \
        -t 5 -D 5 -oA smbshares

This yields an xml file (among others), which you can view in a browser:

During run time, you can use the following keys:

• p: pause the crawler and skip single hosts or shares (experimental feature, be careful)
• <space>: print the current progress

Even in medium sized networks, smbcrawler will find tons of data. The challenge is to reduce false positives. Another issue is the amount of memory that is needed to write both the XML and the JSON report. With more than few hundred shares, you may want to run smbcrawler on several bunches of hosts. Even though smbcrawler does its best not to lose any information (and most of it is in the log, which is written to incrementally), it can happen if lots of shares are found and when it does, it's annoying.

You also may want to run it first with crawling depth 0 to get an idea of what you're dealing with. In this first run, you can enable the write check with -w, but note that this will attempt to create a directory on each share. Its name is smbcrawler_<8 random characters> and will be deleted immediately, but be aware anyway.

Afterwards, you can identify interesting and boring shares for your next run or several runs.

Unless you expect a large amount of data, it makes sense to almost always run it with -oA to gather the most amount of information.

Hint: Don't increase verbosity, but check progress with tail -f <filename>.log in another shell. This will make it easier to see the progress report that is printed when you press <space>.

For more information, run smbcrawler -h.

The following python libraries are required:

• impacket
• lxml
• Optional: python-libnmap if you want to parse nmap files

Install with pip3 install --user . or python3 setup.py install --user.

Alternatively, install dependencies manually and run with python3 -m smbcrawler.

Adrian Vollmer, SySS GmbH

MIT License