Searching SMB Shares
Shrawler
# Install
shrawler $ADDOMAIN/$ADUSER@$ADCONTROLLER --hosts $ACTIVE --spider
# Run
shrawler $ADDOMAIN/$ADUSER@$ADCONTROLLER --hosts $ACTIVE --spiderNetExec
Collect Data
NTLM
nxc smb $TARGETS -u $ADUSER -d $ADDOMAIN -p $(PSWPRMPT) -M spider_plus;PSW=""Search Data
Overview
echo;echo;echo
UNIQ_FILES=$(cat /tmp/nxc_hosted/nxc_spider_plus/* | jq -r '.[] | select(length > 0) | keys[]' | sort -u)
echo " [+] $(echo "$UNIQ_FILES" | wc -l) unique files found"
MEDIA_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.iso|\.img|\.vmdk|\.vdi|\.dmg|\.bin|\.nrg|\.cue|\.raw|\.ova|\.ovf')
echo " [+] $(echo "$MEDIA_FILES" | wc -l) Media files found"
SENSITIVE_FILES=$(echo "$UNIQ_FILES" | egrep -i 'password|passwd|pwd|secret|credential|user|login|vault|key|token|apikey|auth|dbpass|rootpass|adminpass|crypto')
echo " [+] $(echo "$SENSITIVE_FILES" | wc -l) Sensitive keyword files found"
SCRIPT_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.sh|\.ps1|\.bat|\.cmd|\.py|\.rb|\.pl|\.js|\.vbs|\.php|\.asp|\.psm1|\.ksh|\.zsh|\.bash|\.csh|\.tcsh')
echo " [+] $(echo "$SCRIPT_FILES" | wc -l) Script files found"
DOCUMENT_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.doc|\.docx|\.xls|\.xlsx|\.ppt|\.pptx|\.pdf|\.rtf|\.csv|\.odt|\.ods|\.odp')
echo " [+] $(echo "$DOCUMENT_FILES" | wc -l) Document files found"
TEXT_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.txt')
echo " [+] $(echo "$TEXT_FILES" | wc -l) Text files found"
ARCHIVE_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.zip|\.tar|\.gz|\.tgz|\.bz2|\.7z|\.rar|\.xz|\.cab|\.iso')
echo " [+] $(echo "$ARCHIVE_FILES" | wc -l) Archive files found"
DB_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.sql|\.db|\.mdb|\.sqlite|\.accdb|\.dbf|\.dump|\.bak|\.backup|\.ldif')
echo " [+] $(echo "$DB_FILES" | wc -l) Database-related files found"
CONFIG_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.conf|\.cfg|\.ini|\.yaml|\.yml|\.properties|\.json|\.xml|\.env')
echo " [+] $(echo "$CONFIG_FILES" | wc -l) Configuration files found"
CERT_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.pem|\.crt|\.key|\.pfx|\.p12|\.csr|\.der')
echo " [+] $(echo "$CERT_FILES" | wc -l) Certificate and key files found"
LOG_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.log|\.out|\.audit|\.trace|\.dmp')
echo " [+] $(echo "$LOG_FILES" | wc -l) Log files found"
EXEC_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.exe|\.dll|\.so|\.o|\.bin|\.out|\.msi|\.deb|\.rpm|\.apk|\.app|\.jar|\.war|\.ear')
echo " [+] $(echo "$EXEC_FILES" | wc -l) Executable files found"
BACKUP_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.bak|\.tmp|\.swp|\.old|\.save|\.orig|\.bk|\.backup|\.~|\.recovery')
echo " [+] $(echo "$BACKUP_FILES" | wc -l) Backup and temporary files found"
WEB_FILES=$(echo "$UNIQ_FILES" | egrep -i '\.html|\.htm|\.js|\.php|\.jsp|\.asp|\.aspx|\.css|\.cgi')
echo " [+] $(echo "$WEB_FILES" | wc -l) Web-related files found"List File Names
List Possible Sensitive Files
List Media Files (iso, vmdk, img... ect)
List Scripts (sh, ps1, bat... ect)
List Document Files (docx, xlsx, pptx... ect)
List Text Files (txt)
List Archive Files (zip, tar, gz... ect)
List Database Files (sql, db, mdb... ect)
List Config Files (conf, .cfg, .ini, .yaml... ect)
List Certificate Files (... ect)
List Log Files (log, out, audit, trace, dmp... ect)
List Executable Files (exe, dll, bin... ect)
List Web Files (html, js, php... ect)
List all files
View all files (Names only)
View all unique files + paths
List other files
Count of files NOT detected in other checks
List of file types NOT found in other checks
List of file names NOT found in other checks
Locate IP/Share by file name
Display File Contents (Requires Auth)
The above requires smbng to be installed. It can be installed with Pipx using pipx install git+https://github.com/p0dalirius/smbclient-ng.git
Last updated