NAME

       smbmap - SMB enumeration tool

SYNOPSIS

       smbmap [options]

DESCRIPTION

       SMBMap  allows  users  to  enumerate samba share drives across an entire domain. List share drives, drive
       permissions, share contents, upload/download functionality, file name auto-download pattern matching, and
       even  execute  remote  commands.  This  tool  was  designed  with pen testing in mind, and is intended to
       simplify searching for potentially sensitive data across large networks.

OPTIONS

   Main arguments:
       -H HOST
              IP of host

       --host-file FILE
              File containing a list of hosts

       -u USERNAME
              Username, if omitted null session assumed

       -p PASSWORD
              Password or NTLM hash

       -s SHARE
              Specify a share (default C$), ex 'C$'

       -d DOMAIN
              Domain name (default WORKGROUP)

       -P PORT
              SMB port (default 445)

   Command Execution:
              Options for executing commands on the specified host

       -x COMMAND
              Execute a command ex. 'ipconfig /all'

   Filesystem Search:
              Options for searching/enumerating the filesystem of the specified host

       -L     List all drives on the specified host

       -R [PATH]
              Recursively list dirs, and files (no share\path lists ALL shares), ex. 'C$\Finance'

       -r [PATH]
              List contents of directory, default is to list root  of  all  shares,  ex.  -r  'C$\Documents  and
              Settings\Administrator\Documents'

       -A PATTERN
              Define  a file name pattern (regex) that auto downloads a file on a match (requires -R or -r), not
              case sensitive, ex '(web|global).(asax|config)'

       -q     Disable verbose output. Only shows shares you have READ/WRITE on, and suppresses file listing when
              performing a search (-A).

       --depth DEPTH
              Traverse a directory tree to a specific depth

   File Content Search:
              Options for searching the content of files

       -F PATTERN
              File  content  search, -F '[Pp]assword' (requries admin access to execute commands, and powershell
              on victim host)

       --search-path PATH
              Specify drive/path to search (used with -F, default C:\Users), ex 'D:\HR\'

   Filesystem interaction:
              Options for interacting with the specified host's filesystem

       --download PATH
              Download a file from the remote system, ex.'C$\temp\passwords.txt'

       --upload SRC DST
              Upload a file to the remote system ex.  '/tmp/payload.exe C$\temp\payload.exe'

       --delete PATH TO FILE
              Delete a remote file, ex. 'C$\temp\msf.exe'

       --skip Skip delete file confirmation prompt

   Optional arguments:
       -h, --help
              show help message and exit

EXAMPLES

       smbmap -u jsmith -p password1 -d workgroup -H 192.168.0.1
       smbmap -u jsmith -p 'aad3b435b51404eeaad3b435b51404ee:da76f2c4c96028b7a6111aef4a50a94d' -H 172.16.0.20
       smbmap -u 'apadmin' -p 'asdf1234!' -d ACME -H 10.1.3.30 -x 'net group "Domain Admins" /domain'

AUTHOR

       smbmap was developed by ShawnDEvans <ShawnDEvans@gmail.com>

       This manual page was written by Samuel Henrique <samueloph@debian.org> for the  Debian  project,  it  was
       based on smbmap -h output and can be used by other projects as well.