The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Obtaining system information from SMB – Nmap: Network Exploration and Security Auditing Cookbook – Second Edition

Posted by jpluimers on 2021/07/09

Based on

This scans the network for SMB-capable machines and extracts information from them:

nmap -p139,445 --script smb-os-discovery

Note that while experimenting with this, I found out that nmap is also available on Chocolatey: [WayBack] Chocolatey Gallery | Nmap 7.70 (heck, since 2016, no less!).

I was hoping I wrote a little batch file around this, called, because net view is not working so well on Windows 10 any more, but that failed, so here is the batch file:

@echo off
:: only works on Windows versions older than Windows 10
:: the delay is caused by the "net view" scanning the network
:: the outer for takes each hostname from the "net view" output
:: the inner for pings that hostname once (-n 1 -w 1) and takes the hostname and IP
:: from the "Pinging" line, without waiting for a ping result (needs grep on the PATH)
for /f "usebackq tokens=1* delims=\ " %%m in (`net view ^| findstr "\\"`) do (
  for /f "usebackq tokens=2,3 delims=[] " %%h in (`ping -4 %%m -n 1 -w 1 ^| grep Pinging`) do (
    echo %%i    %%h
  )
)
goto :eof

:: output of the first for without filtering (no starting newline):
:: Server Name            Remark
:: -------------------------------------------------------------------------------
:: \\REVUE                Samba 4.7.3-git.30.54c196e5d35SUSE-oS15.5-x86_64
:: \\VCS-CI
:: The command completed successfully.

:: output of the second for without filtering (including the starting newline):
:: Pinging revue [] with 32 bytes of data:
:: Reply from bytes=32 time<1ms TTL=64
:: Ping statistics for
::     Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
:: Approximate round trip times in milli-seconds:
::     Minimum = 0ms, Maximum = 0ms, Average = 0ms

The above batch file delivered many more results than this line:

nmap -p139,445 --script smb-os-discovery | grep -w "\(report\|Computer name\)"
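
As an added example (not from the original post or the Nmap book), this shell function pairs each `Nmap scan report` line with the `Computer name` that smb-os-discovery reports for that host, giving the same `IP hostname` layout as the batch file instead of the loose lines the grep prints. The sample scan output, its 192.0.2.x addresses and the names `smb_hosts` and `sample_scan` are constructed for illustration.

```shell
#!/bin/sh
# Read nmap normal output on stdin; print "IP<TAB>computer name" per host.
# Hosts that answered but gave no smb-os-discovery result are listed with "-"
# so they remain visible in the inventory.
smb_hosts() {
  awk '
    function emit() { if (ip != "") printf "%s\t%s\n", ip, (name != "" ? name : "-") }
    /^Nmap scan report for / {
      emit()                          # finish the previous host
      name = ""
      ip = $NF                        # "192.0.2.10" or "(192.0.2.10)"
      gsub(/[()]/, "", ip)
      next
    }
    /^\|[ _]+Computer name: / {       # not the "NetBIOS computer name" line
      sub(/^\|[ _]+Computer name: /, "")
      sub(/[ \t\r]+$/, "")
      name = $0
    }
    END { emit() }
  '
}

# Constructed sample of nmap output (not a real scan).
sample_scan() {
  cat <<'EOF'
Nmap scan report for revue.example (192.0.2.10)
Host is up (0.00040s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery:
|   OS: Windows 6.1 (Samba 4.7.3)
|   Computer name: revue
|   NetBIOS computer name: REVUE\x00
|_  System time: 2021-07-09T10:00:00+02:00

Nmap scan report for 192.0.2.11
Host is up (0.00050s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
EOF
}

sample_scan | smb_hosts
```

To use it on a real scan, pipe the output of the nmap command above into `smb_hosts` in place of the grep.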

