Obtaining system information from SMB – Nmap: Network Exploration and Security Auditing Cookbook – Second Edition
Posted by jpluimers on 2021/07/09
Based on
- [WayBack] Obtaining system information from SMB – Nmap: Network Exploration and Security Auditing Cookbook – Second Edition
- [WayBack] smb-os-discovery NSE Script
This scans the 192.168.1.0/24 network for SMB-capable machines, and extracts information from them:

```shell
nmap -p139,445 --script smb-os-discovery 192.168.1.0/24
```
Note that while experimenting with this, I found out that nmap is also available on Chocolatey: [WayBack] Chocolatey Gallery | Nmap 7.70 (heck, since 2016, no less!).
I was hoping to write a little batch file around this, called find-smb-hosts.on.192.168.1.network.bat, because net view is not working so well on Windows 10 any more, but that failed, so here is the batch file:

```batch
@echo off
:: only works from older versions than Windows 10
:: the delay is caused by the "net view" scanning the network
:: the first for lists the host names from "net view" and calls ping with each hostname
:: the second for parses the ping output to get the IP and hostname without waiting for a ping result
:: note: grep is not a Windows built-in and must be on the PATH (findstr is the built-in alternative)
for /f "usebackq tokens=1* delims=\ " %%m in (`net view ^| findstr "\\"`) do (
  for /f "usebackq tokens=2,3 delims=[] " %%h in (`ping -4 %%m -n 1 -w 1 ^| grep Pinging`) do (
    echo %%i %%h
  )
)
goto :eof

:: output of the first for without filtering (no starting newline):
:: Server Name            Remark
::
:: -------------------------------------------------------------------------------
:: \\REVUE                Samba 4.7.3-git.30.54c196e5d35SUSE-oS15.5-x86_64
:: \\VCS-CI
:: The command completed successfully.

:: output of the second for without filtering (including the starting newline):
::
:: Pinging revue [192.168.1.62] with 32 bytes of data:
:: Reply from 192.168.1.62: bytes=32 time<1ms TTL=64
::
:: Ping statistics for 192.168.1.62:
::     Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
:: Approximate round trip times in milli-seconds:
::     Minimum = 0ms, Maximum = 0ms, Average = 0ms
```
The above batch file delivered many more results than this line:
```shell
nmap -p139,445 --script smb-os-discovery 192.168.71.1/24 | grep -w "\(report\|Computer name\)"
```
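Instead of grepping the output for the report and Computer name lines, the following Python script parses nmap's normal (-oN) output for the smb-os-discovery block, keeps each host's fields together like the batch file's one-line-per-host listing, and separately lists hosts that have an SMB port open but returned no fingerprint, which the grep filter drops silently. This is an added example, not code from the original post; the sample nmap output embedded in it is constructed for the example (the host names revue and vcs-ci are taken from the net view listing above, everything else is made up), and the -oN file name smb.txt is an assumption.

```python
"""Parse nmap normal (-oN) output for smb-os-discovery results.

Added example (not from the original post). Assumes output written by:
    nmap -p139,445 --script smb-os-discovery 192.168.1.0/24 -oN smb.txt
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# "Nmap scan report for revue (192.168.1.62)" or "Nmap scan report for 192.168.1.1"
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?$"
)
PORT_RE = re.compile(r"^(?P<port>\d+)/tcp\s+(?P<state>\S+)")
# "|   Computer name: revue" or "|_  System time: 2021-..." (first colon ends the key)
FIELD_RE = re.compile(r"^\|[_ ]\s+(?P<key>[^:]+):\s*(?P<value>.*)$")


@dataclass
class SmbHost:
    ip: str
    hostname: Optional[str] = None
    open_ports: list = field(default_factory=list)
    smb: dict = field(default_factory=dict)   # smb-os-discovery key -> value
    error: Optional[str] = None               # one-line script failure, if any


def parse_nmap_smb(text: str) -> list:
    """Return one SmbHost per 'Nmap scan report' block, with its SMB fields."""
    hosts, current, in_block = [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REPORT_RE.match(line)
        if m:
            current = SmbHost(ip=m["ip"], hostname=m["name"])
            hosts.append(current)
            in_block = False
            continue
        if current is None:
            continue
        m = PORT_RE.match(line)
        if m:
            if m["state"] == "open":
                current.open_ports.append(int(m["port"]))
            continue
        head = line.lstrip("|_ ")
        if head.startswith("smb-os-discovery:"):
            rest = head[len("smb-os-discovery:"):].strip()
            if rest:                       # e.g. "ERROR: Script execution failed"
                current.error = rest
            else:
                in_block = True            # fields follow on "|   key: value" lines
            continue
        if in_block:
            m = FIELD_RE.match(line)
            if m:
                # nmap prints the trailing NUL of NetBIOS names as a literal "\x00"
                current.smb[m["key"].strip()] = m["value"].strip().replace("\\x00", "")
            if line.startswith("|_") or not line.startswith("|"):
                in_block = False           # "|_" (or a non-script line) closes the block
    return hosts


def fingerprinted(hosts) -> list:
    """(ip, computer name, OS) for every host that returned a fingerprint."""
    return [(h.ip, h.smb.get("Computer name", h.hostname or ""), h.smb.get("OS", ""))
            for h in hosts if h.smb]


def smb_without_fingerprint(hosts) -> list:
    """Hosts with an open SMB port but no usable smb-os-discovery result."""
    return [h.ip for h in hosts
            if (139 in h.open_ports or 445 in h.open_ports) and not h.smb]


# Constructed sample of nmap normal output (not a real scan).
SAMPLE_OUTPUT = r"""
Nmap scan report for 192.168.1.1
Host is up (0.0020s latency).

PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds

Nmap scan report for revue (192.168.1.62)
Host is up (0.0010s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.7.3)
|   Computer name: revue
|   NetBIOS computer name: REVUE\x00
|   Domain name: \x00
|   FQDN: revue
|_  System time: 2021-07-09T10:00:00+02:00

Nmap scan report for vcs-ci (192.168.1.80)
Host is up (0.0030s latency).

PORT    STATE    SERVICE
139/tcp filtered netbios-ssn
445/tcp open     microsoft-ds

Host script results:
|_smb-os-discovery: ERROR: Script execution failed (use -d to debug)

Nmap done: 256 IP addresses (3 hosts up) scanned in 12.34 seconds
"""

if __name__ == "__main__":
    found = parse_nmap_smb(SAMPLE_OUTPUT)
    for ip, name, os_name in fingerprinted(found):
        print(f"{ip:<16} {name:<12} {os_name}")
    for ip in smb_without_fingerprint(found):
        print(f"{ip:<16} SMB port open, no fingerprint")
```

To run it against a real scan, replace SAMPLE_OUTPUT with the contents of the -oN file; the parser only depends on the report, port and `|`-prefixed script lines, so hosts whose script failed still show up in the second list rather than disappearing as they do with the grep filter.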
–jeroen