smbpentest.py

import argparse
from smb.SMBConnection import SMBConnection as connect
from validate import validate
from colorama import init
from curtime import curtime
import sys

init(autoreset=True)

output_file = None

# Special thanks to: Jonathan Hartley - colorama, Michael Teo - pysmb

def Connect(ip):
    try:
        conn = connect("", "", "", "", domain="", use_ntlm_v2 = True)
        conn.connect(ip, 139)
        print("{}:\u001b[32m Connected.".format(curtime()))
        return conn
    except:
        print("{}:\u001b[31m Unable to connect to {}.".format(curtime(), ip))

def TestAddress(ip):
    print("{}: Testing {}...".format(curtime(), ip))
    isvalid = validate(ip)
    if isvalid:
        print("{}:\u001b[32m IP Address valid!".format(curtime()))
        conn = Connect(ip)
        vulns = []
        if not conn:
            quit()
        try:
            Shares = conn.listShares(timeout=30)
            for Share in Shares: 
                if not Share.isSpecial and Share.name not in ["NETLOGON", "SYSVOL"]:            
                    try:
                        print("{}:  Testing share \"{}\"...".format(curtime(), Share.name))
                        Files = conn.listPath(Share.name, "/", timeout=30)
                        if len(Files) > 0:
                            vulns.append(Share)
                            print("{}:\u001b[32m    File access success!".format(curtime()))
                        else:
                            print("{}:\u001b[31m    Failed to access files.".format(curtime()))
                    except:
                        print("{}:\u001b[31m    Failed to access files.".format(curtime()))
        except:
            print("{}: \u001b[31m  Failed to access shares.".format(curtime())) 
        print("{}:\u001b[32m Testing complete!".format(curtime()))
        if len(vulns) > 0:
            print("\n---------------------------VULNERABLE SHARES---------------------------")  
            for v in vulns:
                print("\u001b[35m  VULN: \\\\{}\\{}".format(ip, v.name))
            if output_file:
                output_file.write("REPORT FOR IP: {}\n---------------------------VULNERABLE SHARES---------------------------\n".format(ip))
                for v in vulns:
                    output_file.write("  VULN: \\\\{}\\{}\n".format(ip, v.name))
                output_file.write("\n")
                output_file.close()
        else:
            print("{}: No vulnerable shares found.".format(curtime()))
    else:
        print("{}: \u001b[31mInvalid IP Address format.".format(curtime()))
        quit()

if __name__ == "__main__":
    try:
        parser = argparse.ArgumentParser(description="Test an IPV4 Address.", formatter_class=argparse.RawDescriptionHelpFormatter)
        parser.add_argument("-ip", metavar="ip address", help="IPV4 Address to test. (Example: 10.10.10.10)")
        parser.add_argument("-o", metavar="file", type=str, help="Output results to a text file document")
        arguments = parser.parse_args()
        if arguments.ip:
            if arguments.o:
                output_file = open(arguments.o, "a")
            TestAddress(arguments.ip)
        else:
            print("{}: Please input an IP Address to test.".format(curtime()))
    except KeyboardInterrupt:
        print("{} Signal Interrupt! Exiting...".format(curtime()), file=sys.stderr)
        sys.exit(0)
    except Exception:
        print("{} Error: {}".format(curtime(), sys.exc_info()[0].__name__))