I’ve been working with a few large clients and needed to search a lot of network shares with a standard user account to see if the shares looked dangerous or overly permissive for the user, e.g. an Admin share has full everyone permissions and the user can capture sensitive data. To do this I’ve been using metasploit smb_enumshares and then manually looking through to see which ones were accessible from the list. As you can imagine this can take some time and not be very useful, however over a period of time I have seen some Hyper-V backups on shares that were accessible to users and could be download and back doored for the admin password hash etc.
This is a well worth task. So to cut a long story short I created a python script to do it, basically give it user credentials and a cidr subnet and it will enumerate all shares and files/folders that are available to the given user, Simples.
Usage: python ./shares.py <username> <password> <domain> <hostip> <cidr-rhosts>
Let me know what you think, but i’m sure you will find this extremely useful as I have already. A few dependencies listed below
#pip install https://pypi.python.org/packages/source/p/pysmb/pysmb-1.1.13.tar.gz
#smbconnection.py is another dependancy
Download link: shares.py