Collect Data
NTLM
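# List the files on the SMB shares of $TARGETS with NetExec's spider_plus module.
# The search snippets on this page read the per-host JSON results from
# /tmp/nxc_hosted/nxc_spider_plus/. Those listings are engagement data, so
# keep that directory readable only by the operator account.
#
# $TARGETS stays unquoted as in the original: bash splits a space-separated
# list into separate targets, zsh passes it as one word - TODO confirm intent.
# User, domain and password are quoted so a value containing spaces or glob
# characters reaches nxc as a single argument.
# The password is still passed as an nxc argument, so it is visible in the
# local process list while nxc runs.
# PSWPRMPT is defined outside this page; presumably it prompts for the
# password and prints it - verify.
nxc smb $TARGETS -u "$ADUSER" -d "$ADDOMAIN" -p "$(PSWPRMPT)" -M spider_plus
# Clear PSW whether or not nxc succeeded (presumably set by the prompt
# helper - verify).
PSW=""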
Search Data
Overview
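# Overview: collect the unique file paths recorded by spider_plus and bucket
# them by type, printing one count per bucket. Each *_FILES variable keeps the
# matching paths (one per line) for the "List ..." snippets on this page.

# Print the number of lines in $1. An empty string counts as 0; the original
# `echo "$VAR" | wc -l` reported 1 for a bucket with no matches.
count_lines() {
  if [ -z "$1" ]; then
    echo 0
  else
    printf '%s\n' "$1" | grep -c ''
  fi
}

# Filter stdin down to paths whose final extension is one of the |-separated
# alternatives in $1. The match is case-insensitive and anchored at the end of
# the line, the same form ALL_TYPES_REGEX uses on this page. Unanchored,
# '\.o' also matched .odt/.old/.out and '\.js' also matched .json.
match_ext() {
  grep -Ei "\\.($1)\$"
}

printf '\n\n\n'
# Top-level values are objects keyed by file path; empty ones are skipped.
UNIQ_FILES=$(jq -r '.[] | select(length > 0) | keys[]' /tmp/nxc_hosted/nxc_spider_plus/* | sort -u)
printf ' [+] %s unique files found\n' "$(count_lines "$UNIQ_FILES")"

MEDIA_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'iso|img|vmdk|vdi|dmg|bin|nrg|cue|raw|ova|ovf')
printf ' [+] %s Media files found\n' "$(count_lines "$MEDIA_FILES")"

# Keywords are matched anywhere in the path, so directory names count too
# (e.g. 'user' hits everything below a Users directory). Expect false positives.
SENSITIVE_FILES=$(printf '%s\n' "$UNIQ_FILES" | grep -Ei 'password|passwd|pwd|secret|credential|user|login|vault|key|token|apikey|auth|dbpass|rootpass|adminpass|crypto')
printf ' [+] %s Sensitive keyword files found\n' "$(count_lines "$SENSITIVE_FILES")"

SCRIPT_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'sh|ps1|bat|cmd|py|rb|pl|js|vbs|php|asp|psm1|ksh|zsh|bash|csh|tcsh')
printf ' [+] %s Script files found\n' "$(count_lines "$SCRIPT_FILES")"

DOCUMENT_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'doc|docx|xls|xlsx|ppt|pptx|pdf|rtf|csv|odt|ods|odp')
printf ' [+] %s Document files found\n' "$(count_lines "$DOCUMENT_FILES")"

TEXT_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'txt')
printf ' [+] %s Text files found\n' "$(count_lines "$TEXT_FILES")"

ARCHIVE_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'zip|tar|gz|tgz|bz2|7z|rar|xz|cab|iso')
printf ' [+] %s Archive files found\n' "$(count_lines "$ARCHIVE_FILES")"

DB_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'sql|db|mdb|sqlite|accdb|dbf|dump|bak|backup|ldif')
printf ' [+] %s Database-related files found\n' "$(count_lines "$DB_FILES")"

CONFIG_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'conf|cfg|ini|yaml|yml|properties|json|xml|env')
printf ' [+] %s Configuration files found\n' "$(count_lines "$CONFIG_FILES")"

CERT_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'pem|crt|key|pfx|p12|csr|der')
printf ' [+] %s Certificate and key files found\n' "$(count_lines "$CERT_FILES")"

LOG_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'log|out|audit|trace|dmp')
printf ' [+] %s Log files found\n' "$(count_lines "$LOG_FILES")"

EXEC_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'exe|dll|so|o|bin|out|msi|deb|rpm|apk|app|jar|war|ear')
printf ' [+] %s Executable files found\n' "$(count_lines "$EXEC_FILES")"

BACKUP_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'bak|tmp|swp|old|save|orig|bk|backup|~|recovery')
printf ' [+] %s Backup and temporary files found\n' "$(count_lines "$BACKUP_FILES")"

WEB_FILES=$(printf '%s\n' "$UNIQ_FILES" | match_ext 'html|htm|js|php|jsp|asp|aspx|css|cgi')
printf ' [+] %s Web-related files found\n' "$(count_lines "$WEB_FILES")"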
List File Names
List Possible Sensitive Files
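# Print the paths flagged by the sensitive-keyword check, one per line.
# printf '%s\n' emits the list verbatim; echo can interpret backslash
# sequences in a path (zsh does by default) or treat a leading -n/-e as an option.
printf '%s\n' "$SENSITIVE_FILES"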
List Media Files (iso, vmdk, img... etc.)
List Scripts (sh, ps1, bat... etc.)
List Document Files (docx, xlsx, pptx... etc.)
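# Print the document paths collected by the overview snippet, one per line.
# printf '%s\n' emits the list verbatim; echo can interpret backslash
# sequences in a path (zsh does by default) or treat a leading -n/-e as an option.
printf '%s\n' "$DOCUMENT_FILES"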
List Text Files (txt)
List Archive Files (zip, tar, gz... etc.)
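# Print the archive paths collected by the overview snippet, one per line.
# printf '%s\n' emits the list verbatim; echo can interpret backslash
# sequences in a path (zsh does by default) or treat a leading -n/-e as an option.
printf '%s\n' "$ARCHIVE_FILES"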
List Database Files (sql, db, mdb... etc.)
List Config Files (conf, cfg, ini, yaml... etc.)
List Certificate Files (pem, crt, key... etc.)
List Log Files (log, out, audit, trace, dmp... etc.)
List Executable Files (exe, dll, bin... etc.)
List Web Files (html, js, php... etc.)
List all files
View all files (Names only)
View all unique files + paths
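# Print every unique file path found in the spider_plus results.
# jq -r emits each key as raw text, as the overview snippet on this page
# does. The previous `jq ... | tr -d '"'` stripped the quotes but left JSON
# escapes (for example doubled backslashes) in the printed paths.
jq -r '.[] | select(length > 0) | keys[]' /tmp/nxc_hosted/nxc_spider_plus/* | sort -u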
List other files
Count of files NOT detected in other checks
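# Count the paths whose final extension is not covered by any category check.
# Only extensions are considered: a path flagged solely by the sensitive
# keyword check is still reported here.
# ova, ovf and aspx are added because the media and web checks on this page
# match them; without them those files were counted in both places.
ALL_TYPES_REGEX='\.(iso|img|vmdk|vdi|dmg|bin|nrg|cue|raw|ova|ovf|sh|ps1|bat|cmd|py|rb|pl|js|vbs|php|asp|aspx|psm1|ksh|zsh|bash|csh|tcsh|doc|docx|xls|xlsx|ppt|pptx|pdf|txt|rtf|csv|odt|ods|odp|zip|tar|gz|tgz|bz2|7z|rar|xz|cab|sql|db|mdb|sqlite|accdb|dbf|dump|bak|backup|ldif|conf|cfg|ini|yaml|yml|properties|json|xml|env|pem|crt|key|pfx|p12|csr|der|log|out|audit|trace|dmp|exe|dll|so|o|msi|deb|rpm|apk|app|jar|war|ear|bak|tmp|swp|old|save|orig|bk|~|recovery|html|htm|jsp|css|cgi)$'
# -i: the category checks are case-insensitive, so REPORT.PDF must not show
# up here as "not detected".
UNDOCUMENTED_EXT_FILES=$(printf '%s\n' "$UNIQ_FILES" | grep -Eiv "$ALL_TYPES_REGEX")
# printf without a trailing newline plus grep -c '^' gives 0 for an empty
# list; `echo "" | wc -l` reported 1.
printf ' [+] %s files with unique extensions not in previous checks found\n' "$(printf '%s' "$UNDOCUMENTED_EXT_FILES" | grep -c '^')"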
List of file types NOT found in other checks
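# List the distinct extensions among the paths no category check covered.
# The directory part is stripped first (through the last '/' or '\'), so a
# dot in a directory name is not reported as an extension; splitting the
# whole path on '.' printed things like "v2/README" for "dir.v2/README".
# Names without a dot are skipped. Extensions differing only in case are
# listed separately.
UNIQUE_EXTENSIONS=$(printf '%s\n' "$UNDOCUMENTED_EXT_FILES" | sed 's|.*[/\\]||' | awk -F. 'NF > 1 {print $NF}' | sort -u)
printf ' [+] Unique file extensions not detected:\n'
printf '%s\n' "$UNIQUE_EXTENSIONS"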
List of file names NOT found in other checks
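# List the paths whose final extension matches none of the category checks.
# Relies on ALL_TYPES_REGEX and UNIQ_FILES set by earlier snippets on this page.
# -i: the category checks are case-insensitive, so a path such as REPORT.PDF
# must not be listed here as undetected.
UNDOCUMENTED_FILES=$(printf '%s\n' "$UNIQ_FILES" | grep -Eiv "$ALL_TYPES_REGEX")
# printf without a trailing newline plus grep -c '^' gives 0 for an empty
# list; `echo "" | wc -l` reported 1.
printf ' [+] %s unique file names not detected in previous checks found\n' "$(printf '%s' "$UNDOCUMENTED_FILES" | grep -c '^')"
printf ' [+] Unique file names not detected:\n'
# printf '%s\n' prints the paths verbatim (no echo escape or option handling).
printf '%s\n' "$UNDOCUMENTED_FILES"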
Locate IP/Share by file name
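# Locate the host and share that hold a given file path, using the
# spider_plus JSON results (one <ip>.json file per host).
printf '\n\n'
# vared is a zsh builtin: prompt for the path and edit it in place.
vared -p 'File Path: ' -c SEARCHTEXT
# -l names each matching JSON file once, however many lines match.
# -F treats the path as a literal string, so '.', '(' or '[' in a file name
# are not read as regex syntax. -- protects a search text starting with '-'.
MATCHED_JSON=$(grep -lF -- "$SEARCHTEXT" /tmp/nxc_hosted/nxc_spider_plus/*)
if [ -z "$MATCHED_JSON" ]; then
  printf ' [-] No spider_plus result contains: %s\n' "$SEARCHTEXT"
else
  # One report per host file. The original put all matches into one
  # variable, which broke dig and jq when more than one host had the path.
  while IFS= read -r JSON_MATCH; do
    JSONFILE=$JSON_MATCH
    # Host address = file name without its directory and .json suffix.
    SERVER_IP=${JSONFILE##*/}
    SERVER_IP=${SERVER_IP%.json}
    # Reverse lookup; left empty when no PTR record is returned.
    HOSTNAME=$(dig -x "$SERVER_IP" +short)
    # Share whose object has SEARCHTEXT as an exact key. The value is passed
    # with --arg, so it is never interpolated into the jq program.
    SHARE_NAME=$(jq --arg filepath "$SEARCHTEXT" -r 'to_entries[] | select(.value[$filepath]) | .key' "$JSONFILE")
    printf '\n\n'
    printf ' [+] Server IP: %s (%s)\n' "$SERVER_IP" "$HOSTNAME"
    printf ' [+] Share Name: %s\n' "$SHARE_NAME"
    printf ' [+] Found File: %s\n' "$SEARCHTEXT"
  done <<EOF
$MATCHED_JSON
EOF
fi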
Display File Contents (Requires Auth)
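# Print the contents of one file found by spider_plus, fetched with smbng.
printf '\n\n'
# vared is a zsh builtin: prompt for the path and edit it in place.
vared -p 'File Path: ' -c SEARCHTEXT
# -l names each matching JSON file once; -F matches the path literally;
# -- protects a search text starting with '-'. If several hosts hold the
# path, only the first matching host file is used.
JSONFILE=$(grep -lF -- "$SEARCHTEXT" /tmp/nxc_hosted/nxc_spider_plus/* | head -n 1)
if [ -z "$JSONFILE" ]; then
  printf ' [-] No spider_plus result contains: %s\n' "$SEARCHTEXT"
else
  # Host address = file name without its directory and .json suffix.
  SERVER_IP=${JSONFILE##*/}
  SERVER_IP=${SERVER_IP%.json}
  # Share whose object has SEARCHTEXT as an exact key.
  SHARE_NAME=$(jq --arg filepath "$SEARCHTEXT" -r 'to_entries[] | select(.value[$filepath]) | .key' "$JSONFILE")
  # smbng runs the startup script with the operator's credentials, so it is
  # written to a fresh mktemp file. The original appended (>>) to a fixed
  # name in /tmp, so leftover lines or a file pre-created by another local
  # user would have run first.
  SMB_SCRIPT=$(mktemp "${TMPDIR:-/tmp}/smb_download_script.XXXXXX")
  if [ -n "$SMB_SCRIPT" ]; then
    cat > "$SMB_SCRIPT" << EOF
use $SHARE_NAME
cat $SEARCHTEXT
EOF
    # No password is given on the command line; presumably smbng prompts
    # for it - verify.
    smbng --host "$SERVER_IP" -u "$ADUSER" -d "$ADDOMAIN" --no-colors -N --startup-script "$SMB_SCRIPT"
    rm -f -- "$SMB_SCRIPT"
  fi
fi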
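The above requires smbng (smbclient-ng) to be installed. It can be installed with pipx: pipx install git+https://github.com/p0dalirius/smbclient-ng.git. This installs whatever is on the repository's default branch at install time; to pin a reviewed revision, append @<tag-or-commit> to the URL.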