Skip to content

initial idea for share specific scanning #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
FL1GG wants to merge 3 commits into
base: main
Choose a base branch
from
Open

initial idea for share specific scanning #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
243f936
initial idea of solution
FL1GG Mar 7, 2025
de0f970
change checking for none per argparse documentation
FL1GG Mar 7, 2025
985136e
update comments
FL1GG Mar 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion snaffcore/go_snaffle.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ def begin_snaffle(options):
for target in options.targets:

smb_client = SMBClient(
target, options.username, options.password, options.domain, options.hash)
target, options.username, options.password, options.domain, options.hash, options.shares)
if not smb_client.login():
log.error(f"Unable to login to{target}")
continue
Expand Down
7 changes: 6 additions & 1 deletion snaffcore/smb.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ class SMBClient:
Wrapper around impacket's SMBConnection() object
'''

def __init__(self, server, username, password, domain, nthash):
def __init__(self, server, username, password, domain, nthash, share_names):

self.server = server

Expand All @@ -30,6 +30,7 @@ def __init__(self, server, username, password, domain, nthash):
self.password = password
self.domain = domain
self.nthash = nthash
self.share_names = share_names
if self.nthash:
# means no password, see https://yougottahackthat.com/blog/339/what-is-aad3b435b51404eeaad3b435b51404ee
self.lmhash = 'aad3b435b51404eeaad3b435b51404ee'
Expand All @@ -46,6 +47,10 @@ def shares(self):
remarkname = resp[i]['shi1_remark'][:-1]
# log.info(f'Found share {sharename} on {self.server}, remark {remarkname}')

if(self.share_names != None): # if shares are empty, then scan all shares (otherwise)
if(not sharename in self.share_names.split(",")): # if share is not in our list of shares to scan, skip it
continue

share_text = termcolor.colored("[Share]", 'light_yellow')

print(share_text, termcolor.colored(
Expand Down
2 changes: 2 additions & 0 deletions snaffler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@ def parse_arguments():

parser.add_argument("--no-download", action='store_true', help="Don't download files, just print found file names to stdout - this can only show the top level of files from the share and is unable to recurse into subdirectories.")

parser.add_argument("-s", "--shares", action="store_true", help="Comma separated list of shares to scan. ie: hr,document,test")

try:
if len(sys.argv) <= 1:
parser.print_help()
Expand Down