GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → p0dalirius → FindUncommonShares

p0dalirius / FindUncommonShares

Licence: other
FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

windowssmbactive-directorysharespentestinguncommon

Projects that are alternatives of or similar to FindUncommonShares

smbaudit
Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.
Stars: ✭ 31 (-83.33%)
Mutual labels:  smb, active-directory
requests auth
Authentication classes to be used with requests
Stars: ✭ 28 (-84.95%)
Mutual labels:  active-directory
shadowbroker-smb-scanner
shadowbroker SMB exploit scanner. Scans for ETERNALSYNERGY ETERNALBLUE ETERNALROMANCE ETHERNALCHAMPION
Stars: ✭ 29 (-84.41%)
Mutual labels:  smb
smb-summit-hackathon
Build Blocks for the SAP SMB Summit Hackathons.
Stars: ✭ 23 (-87.63%)
Mutual labels:  smb
cockpit-samba-manager
A Cockpit plugin to manage Samba shares and users.
Stars: ✭ 28 (-84.95%)
Mutual labels:  smb
Impacket
Impacket is a collection of Python classes for working with network protocols.
Stars: ✭ 8,037 (+4220.97%)
Mutual labels:  smb
dash
Server control panel
Stars: ✭ 22 (-88.17%)
Mutual labels:  smb
active-directory-lookup
Simplest Java API (and CLI) for authenticating and searching in Active Directory
Stars: ✭ 15 (-91.94%)
Mutual labels:  active-directory
ActiveDirectoryEnumeration
Enumerate AD through LDAP with a collection of helpfull scripts being bundled
Stars: ✭ 127 (-31.72%)
Mutual labels:  active-directory
smbj-rpc
Created by Paul Miseiko via the GitHub Connector
Stars: ✭ 31 (-83.33%)
Mutual labels:  smb
teamcity-deployer-plugin
Deployer plugin for TeamCity CI server
Stars: ✭ 37 (-80.11%)
Mutual labels:  smb
Level-Headed
Random Level Generator for Super Mario Bros. 1 on the NES
Stars: ✭ 100 (-46.24%)
Mutual labels:  smb
Middleware
TrueNAS CORE/Enterprise/SCALE Middleware Git Repository
Stars: ✭ 1,851 (+895.16%)
Mutual labels:  smb
seahorse
ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
Stars: ✭ 31 (-83.33%)
Mutual labels:  smb
PSPasswordExpiryNotifications
Following PowerShell Module provides different approach to scheduling password notifications for expiring Active Directory based accounts. While most of the scripts require knowledge on HTML... this one is just one config file and a bit of tingling around with texts. Whether this is good or bad it's up to you to decide. I do plan to add an optio…
Stars: ✭ 38 (-79.57%)
Mutual labels:  active-directory
user external
👥 External user authentication methods like IMAP, SMB and FTP
Stars: ✭ 80 (-56.99%)
Mutual labels:  smb
fs.smbfs
Pyfilesystem2 over SMB using pysmb
Stars: ✭ 21 (-88.71%)
Mutual labels:  smb
passport-activedirectory
Active Directory strategy for passport.js
Stars: ✭ 28 (-84.95%)
Mutual labels:  active-directory
pair-trading-view
Pair Trading View - .NET application for visual analysis of synthetic financial instruments based on statistical models.
Stars: ✭ 45 (-75.81%)
Mutual labels:  shares
crimson-spray
A lockout aware password sprayer
Stars: ✭ 11 (-94.09%)
Mutual labels:  active-directory
View All Similar Projects ➔

The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains.
GitHub release (latest by date) YouTube Channel Subscribers

Features

  • Only requires a low privileges domain user account.
  • Automatically gets the list of all computers from the domain controller's LDAP.
  • Ignore the hidden shares (ending with $) with --ignore-hidden-shares.
  • Multithreaded connections to discover SMB shares.
  • Export results in JSON with IP, name, comment, flags and UNC path with --export-json <file.json>.
  • Export results in XLSX with IP, name, comment, flags and UNC path with --export-xlsx <file.xlsx>.
  • Export results in SQLITE3 with IP, name, comment, flags and UNC path with --export-sqlite <file.db>.
  • Iterate on LDAP result pages to get every computer of the domain, no matter the size.

Usage

$ ./FindUncommonShares.py -h
FindUncommonShares v2.4 - by @podalirius_

usage: FindUncommonShares.py [-h] [--use-ldaps] [-q] [--debug] [-no-colors] [-I] [-t THREADS] [--export-xlsx EXPORT_XLSX] [--export-json EXPORT_JSON] [--export-sqlite EXPORT_SQLITE] --dc-ip ip address [-d DOMAIN] [-u USER]
                             [--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key] [-k]

Find uncommon SMB shares on remote machines.

optional arguments:
  -h, --help            show this help message and exit
  --use-ldaps           Use LDAPS instead of LDAP
  -q, --quiet           Show no information at all.
  --debug               Debug mode.
  -no-colors            Disables colored output mode
  -I, --ignore-hidden-shares
                        Ignores hidden shares (shares ending with $)
  -t THREADS, --threads THREADS
                        Number of threads (default: 20)

Output files:
  --export-xlsx EXPORT_XLSX
                        Output XLSX file to store the results in.
  --export-json EXPORT_JSON
                        Output JSON file to store the results in.
  --export-sqlite EXPORT_SQLITE
                        Output SQLITE3 file to store the results in.

Authentication & connection:
  --dc-ip ip address    IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) specified in the identity parameter
  -d DOMAIN, --domain DOMAIN
                        (FQDN) domain to authenticate to
  -u USER, --user USER  user to authenticate with

Credentials:
  --no-pass             Don't ask for password (useful for -k)
  -p PASSWORD, --password PASSWORD
                        Password to authenticate with
  -H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH
                        NT/LM hashes, format is LMhash:NThash
  --aes-key hex key     AES key to use for Kerberos Authentication (128 or 256 bits)
  -k, --kerberos        Use Kerberos authentication. Grabs credentials from .ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the command line

Examples :

$ ./FindUncommonShares.py -u 'user1' -d 'LAB.local' -p 'P@ssw0rd!' --dc-ip 192.168.2.1
FindUncommonShares v2.3 - by @podalirius_

[>] Extracting all computers ...
[+] Found 2 computers.

[>] Enumerating shares ...
[>] Found 'Users' on 'DC01.LAB.local'
[>] Found 'WeirdShare' on 'DC01.LAB.local' (comment: 'Test comment')
[>] Found 'AnotherShare' on 'PC01.LAB.local'
[>] Found 'Users' on 'PC01.LAB.local
$

Each JSON entry looks like this:

{
    "computer": {
        "fqdn": "DC01.LAB.local",
        "ip": "192.168.1.1"
    },
    "share": {
        "name": "ADMIN$",
        "comment": "Remote Admin",
        "hidden": true,
        "uncpath": "\\\\192.168.1.46\\ADMIN$\\",
        "type": {
            "stype_value": 2147483648,
            "stype_flags": [
                "STYPE_DISKTREE",
                "STYPE_TEMPORARY"
            ]
        }
    }
}

Demonstration

Credits

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].