SMBEagle

SMBeagle is an SMB file share auditing and enumeration tool that rapidly hunts out file shares and inventories their contents. Built from a desire to find poorly protected files, SMBeagle casts the spotlight on files vulnerable to ransomware, watering hole attacks and which may contain sensitive credentials.

USAGE:
Output to a CSV file:
  SMBeagle -c out.csv
Output to elasticsearch (Preferred):
  SMBeagle -e 127.0.0.1
Output to elasticsearch and CSV:
  SMBeagle -c out.csv -e 127.0.0.1
Disable network discovery and provide manual networks:
  SMBeagle -D -e 127.0.0.1 -n 192.168.12.0./23 192.168.15.0/24
Do not enumerate ACLs (FASTER):
  SMBeagle -A -e 127.0.0.1

  -c, --csv-file                     (Group: output) Output results to a CSV
                                     file by providing filepath
  -e, --elasticsearch-host           (Group: output) Output results to
                                     elasticsearch by providing elasticsearch
                                     hostname (default port is 9200 , but can be
                                     overridden)
  --elasticsearch-port               (Default: 9200) Define the elasticsearch
                                     custom port if required
  -f, --fast                         Enumerate only one files permissions per
                                     directory
  -l, --scan-local-shares            Scan the local shares on this machine
  -D, --disable-network-discovery    Disable network discovery
  -n, --network                      Manually add network to scan (multiple
                                     accepted)
  -N, --exclude-network              Exclude a network from scanning (multiple
                                     accepted)
  -h, --host                         Manually add host to scan
  -H, --exclude-host                 Exclude a host from scanning
  -q, --quiet                        Disable unneccessary output
  -S, --exclude-share                Do not scan shares with this name (multiple
                                     accepted)
  -s, --share                        Only scan shares with this name (multiple
                                     accepted)
  -E, --exclude-hidden-shares        Exclude shares ending in $
  -v, --verbose                      Give more output
  -m, --max-network-cidr-size        (Default: 20) Maximum network size to scan
                                     for SMB Hosts
  -A, --dont-enumerate-acls          (Default: false) Skip enumeration of file
                                     ACLs
  -d, --domain                       (Default: ) Domain for connecting to SMB
  -u, --username                     Username for connecting to SMB - mandatory
                                     on linux
  -p, --password                     Password for connecting to SMB - mandatory
                                     on linux
  --help                             Display this help screen.
  --version                          Display version information.

Usage : 
./smbeagle.exe -c output.csv -f <ipaddress>

PreviousNetBIOS Enumerator NextRPC Scan

Last updated 5 months ago

USAGE: Output to a CSV file: SMBeagle -c out.csv Output to elasticsearch (Preferred): SMBeagle -e 127.0.0.1 Output to elasticsearch and CSV: SMBeagle -c out.csv -e 127.0.0.1 Disable network discovery and provide manual networks: SMBeagle -D -e 127.0.0.1 -n 192.168.12.0./23 192.168.15.0/24 Do not enumerate ACLs (FASTER): SMBeagle -A -e 127.0.0.1 -c, --csv-file (Group: output) Output results to a CSV file by providing filepath -e, --elasticsearch-host (Group: output) Output results to elasticsearch by providing elasticsearch hostname (default port is 9200 , but can be overridden) --elasticsearch-port (Default: 9200) Define the elasticsearch custom port if required -f, --fast Enumerate only one files permissions per directory -l, --scan-local-shares Scan the local shares on this machine -D, --disable-network-discovery Disable network discovery -n, --network Manually add network to scan (multiple accepted) -N, --exclude-network Exclude a network from scanning (multiple accepted) -h, --host Manually add host to scan -H, --exclude-host Exclude a host from scanning -q, --quiet Disable unneccessary output -S, --exclude-share Do not scan shares with this name (multiple accepted) -s, --share Only scan shares with this name (multiple accepted) -E, --exclude-hidden-shares Exclude shares ending in $ -v, --verbose Give more output -m, --max-network-cidr-size (Default: 20) Maximum network size to scan for SMB Hosts -A, --dont-enumerate-acls (Default: false) Skip enumeration of file ACLs -d, --domain (Default: ) Domain for connecting to SMB -u, --username Username for connecting to SMB - mandatory on linux -p, --password Password for connecting to SMB - mandatory on linux --help Display this help screen. --version Display version information.