Windows SMB Shares Enumeration Scanner
You can scan your Windows system by using this tool.
Can be used by
Scan only one
Windows SMB Shares Enumeration Scanner Detail
Attempts to list shares using the
srvsvc.NetShareEnumAll MSRPC function and retrieve more information about them using
srvsvc.NetShareGetInfo. If access to those functions is denied, a list of common share names are checked.
Finding open shares is useful to a penetration tester because there may be private files shared, or, if it's writable, it could be a good place to drop a Trojan or to infect a file that's already there. Knowing where the share is could make those kinds of tests more useful, except that determining where the share is requires administrative privileges already.
NetShareEnumAll will work anonymously against Windows 2000, and requires a user-level account on any other Windows version. Calling
NetShareGetInfo requires an administrator account on all versions of Windows up to 2003, as well as Windows Vista and Windows 7, if UAC is turned down.
NetShareEnumAll is restricted, attempting to connect to a share will always reveal its existence. So, if
NetShareEnumAll fails, a pre-generated list of shares, based on a large test network, are used. If any of those succeed, they are recorded.
After a list of shares is found, the script attempts to connect to each of them anonymously, which divides them into "anonymous", for shares that the NULL user can connect to, or "restricted", for shares that require a user account.