SMBMap is a powerful tool for enumerating SMB (Server Message Block) shares on a network. It helps in identifying accessible shares, their permissions, and their contents. This guide will walk you through using SMBMap to enumerate SMB shares.

How to Install SMBMap

SMBMap is a Python-based tool and can be installed using the pip package manager.

git clone smbmap
cd smbmap
python3 -m pip install -r requirements.txt

SMBMap Features

  • Pass-the-Hash Support
  • File upload/download/delete
  • Permission enumeration (writable share, meet Metasploit)
  • Remote Command Execution
  • Distributed file content searching (beta!)
  • File name matching (with an auto download capability)

SMB Help


[-h] (-H HOST | --host-file FILE) 
[-u USERNAME] [-p PASSWORD | --prompt] 
[-s SHARE]
[-P PORT] [-v] 
[--mode CMDMODE]
[-L | -R [PATH]
-r [PATH]] 
--csv FILE] 
[--dir-only] [--no-write-check] 
[-q] [--depth DEPTH] 
[--exclude SHARE [SHARE ...]] 
[--search-path PATH]
[--search-timeout TIMEOUT] 
[--download PATH] 
[--upload SRC DST] 
[--delete PATH TO FILE] 

Enumerate Remote Samba Service

No Authentication

smbmap -H

With Authentication

smbmap -H -u "admin" -p "admin"

Null Session

smbmap -H -u "" -p ""

SMBMap Managing Files



Remote Command Execution

smbmap -H -u "admin" -p "admin" -x whoami
smbmap -H -u "admin" -p "admin" -x 'POWERSHELL Reverse SHELL'

Search Files on Remote Share

smbmap --host-file ~/Desktop/smb-workstation-sml.txt 
-u NopSec 
-p 'NopSec1234!' 
-d widgetworld 
-F '[1-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]'

Categorized in:

Penetration Testing Tools,

Last Update: November 6, 2023

Tagged in: