Dhruv Ambaliya
nbtscan is a command line tool that finds exposed NETBIOS nameservers, it’s a good first step for finding open shares.
Don't use the version of nbtscan that ships with KALI
Grab nbtscan from the above link and build it from source, this version tends to find more information
Compile nbtscan on KALI
root@kali:~/nbtscan# wget http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz
root@kali:~/nbtscan# tar -xvzf nbtscan-source-1.0.35.tgz
root@kali:~/nbtscan# make
root@kali:~/nbtscan# ./nbtscan
nbtscan 1.0.35 - 2008-04-08 - http://www.unixwiz.net/tools/
usage: ./nbtscan [options] target [targets...]
Targets are lists of IP addresses, DNS names, or address
ranges. Ranges can be in /nbits notation ("192.168.12.0/24")
or with a range in the last octet ("192.168.12.64-97")nbtscan Cheat Sheet
| Command | Description |
|---|---|
|
|
Displays the nbtscan version |
|
|
This shows the full NBT resource record responses for each machine scanned, not a one line summary, use this options when scanning a single host |
|
|
Sends output to a file |
|
|
Generate an HTTP header |
|
|
Generate Perl hashref output, which can be loaded into an existing program for easier processing, much easier than parsing text output |
|
|
Enable verbose mode |
|
|
Turns off this inverse name lookup, for hanging resolution |
|
|
This allows specification of a UDP port number to be used as the source in sending a query |
|
|
Include the MAC (aka "Ethernet") addresses in the response, which is already implied by the -f option. |