nbtscan Cheat Sheet

nbtscan is a command line tool that finds exposed NETBIOS nameservers, it’s a good first step for finding open shares.

Don’t use the version of nbtscan that ships with KALI

Grab nbtscan from the above link and build it from source, this version tends to find more information

Compile nbtscan on KALI

root@kali:~/nbtscan# wget http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz
root@kali:~/nbtscan# tar -xvzf nbtscan-source-1.0.35.tgz
root@kali:~/nbtscan# make
root@kali:~/nbtscan# ./nbtscan
nbtscan 1.0.35 - 2008-04-08 - http://www.unixwiz.net/tools/

usage: ./nbtscan [options] target [targets...]

   Targets are lists of IP addresses, DNS names, or address
   ranges. Ranges can be in /nbits notation ("")
   or with a range in the last octet ("")

nbtscan Cheat Sheet

Command Description
nbtscan -v Displays the nbtscan version
nbtscan -f target(s) This shows the full NBT resource record responses for each machine scanned, not a one line summary, use this options when scanning a single host
nbtscan -O file-name.txt target(s) Sends output to a file
nbtscan -H Generate an HTTP header
nbtscan -P Generate Perl hashref output, which can be loaded into an existing program for easier processing, much easier than parsing text output
nbtscan -V Enable verbose mode
nbtscan -n Turns off this inverse name lookup, for hanging resolution
nbtscan -p PORT target(s) This allows specification of a UDP port number to be used as the source in sending a query
nbtscan -m Include the MAC (aka “Ethernet”) addresses in the response, which is already implied by the -f option.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


IT Security Research and Services


About assembler and stuff

Astr0baby's not so random thoughts _____ rand() % 100;

ψυχῆς ἰατρεῖον "Hospital of the soul"

Penetration Testing Academy

Education and Advice for Rookies

P.M.C.S.P. Blog

Articles about Physics, Math, Computer Security & Programming and more

Chimera | Security


%d bloggers like this: