SMB-V1 Detection Scanner

Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point. Back in the 1980s and 1990s IBM and Microsoft were working on implementations of SMB to improve and build upon the protocol. Microsoft actually pushed to rename SMB to Common Internet File System (CIFS) and added a bunch of features, such as support for larger files and direct connections over port 445. SMBv1 was deprecated in 2013 and is no longer installed by default on Windows Server 2016. There are a handful of vulnerabilities that exist within SMBv1, most of which allow for remote code execution on the target host. Most of these vulnerabilities have a patch available, but more often than not, SMBv1 can be completely disabled. Unless you have legacy systems in your environment that require SMBv1 (Windows XP) or legacy applications that rely on it, you’ll most likely not affect anything by disabling it across your organization.

An attacker might use the disclosed information to harvest specific security vulnerabilities for the application identified.