gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
Closed gwen001 closed 1 year ago
gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
1 year ago Tool has been accepted by the team: https://offsec.tools/tool/smbeagle
Thank you for your contribution!
[homepage]https://github.com/punk-security/smbeagle[/homepage] [tags]samba,network,shares[/tags] [short_descr]Fileshare auditing tool.[/short_descr] [long_descr]SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host, or both!?
SMBeagle tries to make use of the win32 APIs for maximum speed, but fails back to a slower ACL check.
It has 2 awesome use cases:
Cast a spotlight on weak share permissions: Businesses of all sizes often have file shares with awful file permissions. Large businesses have sprawling shares on file servers and its not uncommon to find sensitive data with misconfigured permissions. Small businesses often have a small NAS in the corner of the office with no restrictions at all! SMBeagle crawls these shares and lists out all the files it can read and write. If it can read them, so can ransomware.
Lateral movement and privilege escalation: SMBeagle can provide penetration testers with the less obvious routes to escalate privileges and move laterally. By outputting directly into elasticsearch, testers can quickly find readable scripts and writeable executables. Finding watering hole attacks and unprotected passwords never felt so easy![/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/a5ccf94e55c7dc05cf794b64cc1cef97.png[/image]