search for SMB version detection:
use auxiliary/scanner/smb/smb_version
info about parameters of module:
set options: setting up options that we need to launch the module:
set RHOSTS <target>
run: run the module:
nmap -p445 --script smb-protocols <target>
nmap -p139 --script smb-protocols <target>
search for SMB version detection:
use auxiliary/scanner/smb/smb_version
info about parameters of module:
set options: setting up options that we need to launch the module:
set RHOSTS <target>
run: run the module:
nmap -sC -p 139,445 -sV <target>
Enumerate shares using a valid username:
crackmapexec smb <target IP> -u <user> -p '' --shares
-u: can be “guest” or “anonymous” or ‘’
Enumerate shares using empty password:
crackmapexec smb -u users.txt -p '' --continue-on-success <domain.local>