-
-
Save nikallass/40f3215e6294e94cde78ca60dbe07394 to your computer and use it in GitHub Desktop.
#!/bin/bash | |
if [ $# -eq 0 ] | |
then | |
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR' | |
exit 1 | |
fi | |
echo "Checking if there's SMB v3.11 in" $1 "..." | |
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+' | |
if [[ $? != 0 ]]; then | |
echo "There's no SMB v3.11" | |
fi |
I got some bugs and I fixed the script as following:
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR {Target Specification - Nmap}'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | tr 'Nmap scan report for' '@' | tr "@" "\n" | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
if [[ $? != 0 ]]; then
echo "There's no SMB v3.11"
fi
awesome, thank you so much!
#!/bin/bash if [ $# -eq 0 ] then echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR {Target Specification - Nmap}' exit 1 fi echo "Checking if there's SMB v3.11 in" $1 "..." nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | tr 'Nmap scan report for' '@' | tr "@" "\n" | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+' if [[ $? != 0 ]]; then echo "There's no SMB v3.11" fi
My script outputs only vulnerable hosts. You messed non-vulnerable hosts with vulnerable. So | grep 3.11
is not a bug, it's a feature.
#!/bin/bash if [ $# -eq 0 ] then echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR {Target Specification - Nmap}' exit 1 fi echo "Checking if there's SMB v3.11 in" $1 "..." nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | tr 'Nmap scan report for' '@' | tr "@" "\n" | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+' if [[ $? != 0 ]]; then echo "There's no SMB v3.11" fiMy script outputs only vulnerable hosts. You messed non-vulnerable hosts with vulnerable. So
| grep 3.11
is not a bug, it's a feature.
Thanks @nikallass, your new version works well (Tested on Ubuntu 18.04 & Debian 10 with nmap 7.6)! After reviewing each pipe, I found out that the original one used "replace" command which was not installed in my machine. Please update this
replace 'Nmap scan report for' '@'
to (new version fixed)
tr 'Nmap scan report for' '@'
Hi, apparently reports IP also if there is no 3.11 (only 3.0)
I think this would be more clear, with less piping.
nmap -p445 --script smb-protocols -Pn -n $1 | awk -v ORS='' -e '/([0-9]{1,3}\.){3}[0-9]{1,3}/ {print "\n"$0" "} /^\|.[[:space:]]+3.11/ {print $2}' | grep -F " 3.11" | grep -oP '(\d{1,3}\.){3}\d{1,3}'
https://github.com/ollypwn/SMBGhost
We now can use this.
It is more accurate and less shitty-coded than this gist :)
Another option for nmap: https://github.com/pr4jwal/CVE-2020-0796
@nikallass @freb @goncalor @tuantmb getting error
socket_bindtodevice: Protocol not available Problem binding to interface , errno: 92
ok