#!/bin/bash
# Simple Script to Test SMB vulnerable test cases

if [ $# -eq 0 ]
        then
                echo "Usage: $0 <IP>"
                echo "Example: $0 10.10.10.10"
                echo "for ease of access, create a symbolic link or copy the file into /usr/local/bin/smbenum.sh"
                exit
        else
                "$1"
fi

green=`tput setaf 2`
reset=`tput sgr0`

echo -e "\n${green}########## Starting SMB Enumeration  ########## ${reset} \n"
nmap --script smb-os-discovery,smb-enum-shares,smb-protocols,smb-enum-users.nse  $1 -Pn -sV -p 445

echo -e "\n${green}########## Starting SMB Vuln Scan ##########${reset}\n"
nmap --script smb-vuln* $1 -Pn -sV -p 445

echo -e "\n${green}########## Enumerating Shares via UDP/TCP  ########## ${reset}\n"
nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 $1

echo -e "\n${green}########## Enumerating SMB Groups ##########${reset}\n"
nmap -Pn -T4 -sS -p139,445 --script=smb-enum-groups $1

echo -e "\n${green}########## Testing  Null Session Access ##########${reset}\n"
smbclient -N -L \\\\$1\\

echo -e "\n${green}########## Testing SMB Empty Creds  ##########${reset}\n"
smbclient -U "%" -L \\\\$1\\

echo -e "\n${green}########## Testing SMB Guest Access ##########${reset}\n"
smbclient -U "Guest%" \\\\$1\\

echo -e "\n${green}########## Testing RPCClient Null Session ##########${reset}\n"
rpcclient -N $1

echo -e "\n${green}########## Testing RPC Guest Access  ##########${reset}\n"
rpcclient -U "Guest%" $1

echo -e "\n${green}########## Testing Empty User Login  ##########${reset}\n"
rpcclient -U "%" $1