PentestPilot/bin/smb_enum.sh

#!/usr/bin/env bash
set -euo pipefail

usage(){
  cat >&2 <<USAGE
Usage: $(basename "$0") <ip> [user] [pass]
- Anonymous or credentialed SMB quick enumeration.
USAGE
  exit 1
}

ip=${1:-${TARGET:-}}
user=${2:-}
pass=${3:-}
[[ -z "$ip" ]] && usage

outdir=${OUTDIR:-scans}
mkdir -p "$outdir"
ts=$(date +%Y%m%d_%H%M%S)
base="$outdir/${ip//\//_}_smb_${ts}"

echo "[+] SMB nmap scripts"
nmap -Pn -p 139,445 --script smb-protocols,smb2-security-mode,smb2-time,smb2-capabilities,smb-security-mode -oN "$base.nmap" "$ip" || true

if [[ -z "$user" ]]; then
  echo "[+] smbclient -N -L //$ip"
  (smbclient -N -L "//$ip" || true) | tee "$base.smbclient.list"
else
  echo "[+] smbclient -L //$ip -U $user%<hidden>"
  (smbclient -L "//$ip" -U "$user%$pass" || true) | tee "$base.smbclient.list"
fi

echo "[+] Attempting anonymous share listing"
awk '/Disk/{print $1}' "$base.smbclient.list" | grep -vE '^-|Printer|IPC\$' | while read -r share; do
  echo "--- Listing //$ip/$share (anon) ---" | tee -a "$base.shares.txt"
  (echo -e "recurse ON\nls\nexit\n" | smbclient -N "//$ip/$share" || true) | tee -a "$base.shares.txt"
done

echo "[+] Saved outputs under $base.*"