I need to enumerate the open shares in my network. I am using smbmap for that:
$ smbmap -u USERNAME -p PASSWORD -d DOMAIN -H 172.25.200.79
IP: 172.25.200.79:445 Name: [HOSTNAME]
Disk                                            Permissions  Comment
----                                            -----------  -------
AddIn                                           READ ONLY
ADMIN$                                          NO ACCESS    Remote Admin
Analytics_50428579-ac51-4350-8831-28b8447f5e30  NO ACCESS
C$                                              NO ACCESS    Default share
D$                                              NO ACCESS    Default share
DDFGenerator                                    READ, WRITE
IPC$                                            READ ONLY    Remote IPC
New folder                                      READ ONLY
print$                                          READ ONLY    Printer Drivers
Share                                           READ ONLY
I need to:
- remove the column "Comment"
- add a new column in the beginning as "HOSTNAME"
- keep only the rows which have permissions as "READ, WRITE" or "READ ONLY" (removing the rows containing "NO ACCESS").
- have the command in a script to iterate over a range of IPs. The output should not print the IPs for which there is no valid row.
How do I do that using either awk or sed?
So far I have tried something like this:
#!/bin/bash
for ip in {0..254}; do
    target="172.25.200.$ip"
    echo "scanning target.."
    smbmap -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -H "$target" | awk '/NO ACCESS/{ next;} ; { print }'
done
The output I am getting:
scanning target..
[\] Working on it...
[+] IP: 172.25.200.78:445 Name: [HOSTNAME]
[|] Working on it...
[/] Working on it...
[-] Working on it...
[\] Working on it...
[|] Working on it...
[/] Working on it...
[-] Working on it...
Disk  Permissions  Comment
----  -----------  -------
IPC$  READ ONLY    Remote IPC
scanning target..
[\] Working on it...
[+] IP: 172.25.200.79:445 Name: [HOSTNAME]
[|] Working on it...
[/] Working on it...
[-] Working on it...
[\] Working on it...
[|] Working on it...
[/] Working on it...
[-] Working on it...
Disk          Permissions  Comment
----          -----------  -------
AddIn         READ ONLY
DDFGenerator  READ, WRITE
IPC$          READ ONLY    Remote IPC
New folder    READ ONLY
print$        READ ONLY    Printer Drivers
Share         READ ONLY
share2        READ, WRITE  ashish.javiya
Temp          READ ONLY
Version'24    READ ONLY
The output I need:
HOSTNAME    DISK          Permissions
[HOSTNAME]  DDFGenerator  READ, WRITE
[HOSTNAME]  AddIn         READ ONLY
[HOSTNAME]  New folder    READ ONLY
[HOSTNAME]  Share         READ ONLY
[HOSTNAME]  Temp          READ ONLY
How do I not print the status messages (scanning target.., Working on it...) in the output file?
Please note there is no --quiet or --no-status option available for my version of smbmap.
3 Answers
Here's a GNU awk + GNU column solution:
$ cat tst.sh
#!/usr/bin/env bash
awk -v OFS='\t' \
    -v ips='172.25.200.79;1.2.3.4' \
    -v perms='READ, WRITE;READ ONLY' \
'
BEGIN {
    split(ips, tmp, ";"); for (i in tmp) tgtIps[tmp[i]]
    split(perms, tmp, ";"); for (i in tmp) tgtPerms[tmp[i]]
    print "HOSTNAME", "DISK", "Permissions"
}
{ gsub(OFS, " ") }
match($0, /^IP: *([^:]+).*Name: *(.*\S)/, a) {
    ip = a[1]
    host = a[2]
    FIELDWIDTHS = ""
    next
}
match($0, /^(\s*-+\s+)(-+\s+)(-+\s*)$/, a) {
    FIELDWIDTHS = "*"
    for ( i=2; i>=1; i-- ) {
        FIELDWIDTHS = a[i,"length"] " " FIELDWIDTHS
    }
    next
}
FIELDWIDTHS != "" {
    disk = gensub(/^\s+|\s+$/, "", "g", $1)
    perm = gensub(/^\s+|\s+$/, "", "g", $2)
    if ( (ip in tgtIps) && (perm in tgtPerms) ) {
        print host, disk, perm
    }
}
' "${@:--}" | column -s$'\t' -t
$ smbmap ... | ./tst.sh
HOSTNAME    DISK          Permissions
[HOSTNAME]  AddIn         READ ONLY
[HOSTNAME]  DDFGenerator  READ, WRITE
[HOSTNAME]  IPC$          READ ONLY
[HOSTNAME]  New folder    READ ONLY
[HOSTNAME]  print$        READ ONLY
[HOSTNAME]  Share         READ ONLY
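A portable variant of the filtering discussed above, added here as an example and not part of the answer or of smbmap: plain POSIX awk (no gawk extensions) that takes the loop's combined output, accepts the status line with or without the `[+]` prefix, skips the spinner lines, and prints a host only when it has a readable or writable share. The function names, the sample text and the carriage-return handling are assumptions.

```shell
# Added example (not from the page): smbmap text output -> HOSTNAME/DISK/Permissions.
parse_smbmap() {
  awk -v OFS='\t' '
    # Spinner frames may be joined by carriage returns: keep the last frame.
    { sub(/\r$/, ""); sub(/.*\r/, "") }
    # Status line, e.g. "[+] IP: 172.25.200.79:445 Name: [HOSTNAME]".
    /IP:.*Name:/ {
      host = $0
      sub(/.*Name:[ \t]*/, "", host); sub(/[ \t]+$/, "", host)
      in_table = 0; next
    }
    # Dashed rule under the column header: share rows follow it.
    /^[ \t]*-+[ \t]+-+[ \t]+-+[ \t]*$/ { in_table = 1; next }
    # Leftmost permission token splits the row; text before it is the share
    # name (spaces kept), text after it is the comment (dropped).
    in_table && match($0, /NO ACCESS|READ, WRITE|READ ONLY/) {
      perm = substr($0, RSTART, RLENGTH)
      disk = substr($0, 1, RSTART - 1)
      gsub(/^[ \t]+|[ \t]+$/, "", disk)
      if (perm == "NO ACCESS" || disk == "") next
      if (!rows++) print "HOSTNAME", "DISK", "Permissions"
      print host, disk, perm
    }
  '
}

# Constructed sample modelled on the output shown in the question.
sample_smbmap_output() {
  cat <<'EOF'
scanning target..
[\] Working on it...
[+] IP: 172.25.200.78:445 Name: [HOST-A]
 Disk Permissions Comment
 ---- ----------- -------
 ADMIN$ NO ACCESS Remote Admin
scanning target..
[+] IP: 172.25.200.79:445 Name: [HOST-B]
 Disk Permissions Comment
 ---- ----------- -------
 C$ NO ACCESS Default share
 DDFGenerator READ, WRITE
 New folder READ ONLY
 Backup NO ACCESS READ ONLY archive
 share2 READ, WRITE constructed comment
EOF
}
# Real use: for ip in ...; do smbmap ... -H "$target"; done | parse_smbmap
sample_smbmap_output | parse_smbmap
```

Output is tab-separated; pipe it through `column -s"$(printf '\t')" -t` for aligned columns.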
Here is the script which gives the output in the desired format:
```
#!/bin/bash
# Output CSV file
OUTPUT_FILE="open_shares.csv"
# Write CSV header
echo "Hostname,IP,Share" > "$OUTPUT_FILE"
# Iterate over the IP range
for ip in {75..79}; do
    target="172.25.200.$ip"
    echo "Scanning $target"
    # Resolve hostname for the current IP
    hostname=$(dig -x "$target" +short)
    # Run smbmap on the current IP and capture the output
    shares=$(smbmap -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -H "$target" | awk '/READ|WRITE/ {print $1}')
    # If shares are found, append them to the CSV file
    if [ -n "$shares" ]; then
        echo "$shares" | while read -r share; do
            echo "$hostname,$target,$share" >> "$OUTPUT_FILE"
        done
    fi
    # Optional: Add a delay to avoid overwhelming the network
    sleep 1
done
echo "Scan completed. Results saved to $OUTPUT_FILE."
```
You may do this efficiently with Raku/Sparrow:
# collect blocks with different IPs/Hostnames
between: { "scanning target." } { "end of" }
regexp: "Name:" .* "[" (\S+) "]"
end:
code: <<RAKU
!raku
my @blocks;
for captures()<> -> $block {
@blocks.push: %( name => $block[0] )
}
update_state( %( blocks => [@blocks] ) );
RAKU
# collect disks
between: { "scanning target." } { "end of" }
# disk, permission
regexp: ^^ \s+ (.*?) \t* ( [ "READ," \s+ "WRITE" || "READ" \s+ "ONLY" ] )
end:
code: <<RAKU
!raku
my @blocks = get_state()<blocks><> || [];
my $i = 0;
for streams_array()<> -> $block {
@blocks[$i]<disks> = [];
for $block<> -> $disk {
@blocks[$i]<disks>.push: %( name => $disk[0], perm => $disk[1]);
}
$i++;
}
say "HOSTNAME\tDISK\tPERMISSION";
for @blocks -> $block {
for $block<disks><> -> $disk {
say "[{$block<name>}]\t{$disk<name>}\t{$disk<perm>}";
}
}
RAKU
The only bit left is that you need to add "end of scanning target" after every smbmap command in the main script producing the input data.
| grep is useless, use awk for this: awk -F\ '/NO ACCESS/{next};{ ... }'
– F. Hauri - Give Up GitHub Commented Feb 28 at 7:44
--csv FILE Output to a CSV file, ex --csv shares.csv
– LMC Commented Feb 28 at 13:10