# SMBeagle

SMBeagle is an SMB file share auditing and enumeration tool that rapidly hunts out file shares and inventories their contents. Built from a desire to find poorly protected files, SMBeagle casts the spotlight on files that are vulnerable to ransomware or watering hole attacks, or that may contain sensitive credentials.

```
USAGE:
Output to a CSV file:
  SMBeagle -c out.csv
Output to elasticsearch (Preferred):
  SMBeagle -e 127.0.0.1
Output to elasticsearch and CSV:
  SMBeagle -c out.csv -e 127.0.0.1
Disable network discovery and provide manual networks:
  SMBeagle -D -e 127.0.0.1 -n 192.168.12.0/23 192.168.15.0/24
Do not enumerate ACLs (FASTER):
  SMBeagle -A -e 127.0.0.1

  -c, --csv-file                     (Group: output) Output results to a CSV
                                     file by providing filepath
  -e, --elasticsearch-host           (Group: output) Output results to
                                     elasticsearch by providing elasticsearch
                                     hostname (default port is 9200 , but can be
                                     overridden)
  --elasticsearch-port               (Default: 9200) Define the elasticsearch
                                     custom port if required
  -f, --fast                         Enumerate only one files permissions per
                                     directory
  -l, --scan-local-shares            Scan the local shares on this machine
  -D, --disable-network-discovery    Disable network discovery
  -n, --network                      Manually add network to scan (multiple
                                     accepted)
  -N, --exclude-network              Exclude a network from scanning (multiple
                                     accepted)
  -h, --host                         Manually add host to scan
  -H, --exclude-host                 Exclude a host from scanning
  -q, --quiet                        Disable unneccessary output
  -S, --exclude-share                Do not scan shares with this name (multiple
                                     accepted)
  -s, --share                        Only scan shares with this name (multiple
                                     accepted)
  -E, --exclude-hidden-shares        Exclude shares ending in $
  -v, --verbose                      Give more output
  -m, --max-network-cidr-size        (Default: 20) Maximum network size to scan
                                     for SMB Hosts
  -A, --dont-enumerate-acls          (Default: false) Skip enumeration of file
                                     ACLs
  -d, --domain                       (Default: ) Domain for connecting to SMB
  -u, --username                     Username for connecting to SMB - mandatory
                                     on linux
  -p, --password                     Password for connecting to SMB - mandatory
                                     on linux
  --help                             Display this help screen.
  --version                          Display version information.
```

```
Usage:
./smbeagle.exe -c output.csv -f -h <ipaddress>
```


