FindUncommonShares

PowerView's Invoke-ShareFinder.ps1 has an analogue in the Python script FindUncommonShares. It makes it easier to quickly find unusual shares in sizable Windows Active Directory domains. The script uses multithreaded connections to effectively find SMB shares and is made to work with low privileges using a domain user account.

The FindUncommonShares script is a Python tool that serves as a counterpart to PowerView's Invoke-ShareFinder.ps1. It simplifies the rapid identification of unusual or uncommon shares within extensive Windows Active Directory Domains. The script is engineered to function with low privileges, utilizing a domain user account, and it employs multithreaded connections to efficiently locate SMB shares.

Installation

The script is provided as a standalone Python script and does not require a formal installation process. However, it relies on external libraries, and the necessary dependencies can be installed using therequirements.txt file. Users can execute the following command to install the dependencies:

 

How to Use

The script offers various command-line options to customize its behavior. Some notable features include:

  • -u USER and -p PASSWORD to specify the domain user account and its password.
  • --dc-ip to specify the IP address of the domain controller or KDC.
  • --writable to list shares where the current user has WRITE access.
  • --export-xlsx, --export-json, and --export-sqlite to export results in different formats.
  • --check-user-access to verify if the current user can access a share.

Command examples

List all shares where your current user has WRITE access:

 

Export a list of shares in the domain to an Excel file:

 

List all shares with access rights for your current user:

 

For a comprehensive list of options, users can refer to the help message using:

 

Additional Information

The script allows for flexible result consumption by producing results in many forms such as JSON, XLSX, and SQLITE3.No matter how big or small the domain is, it can traverse across LDAP result pages to get details about each machine.The script's fast architecture makes it especially helpful for security assessments that aim to pinpoint security threats related to SMB shares in an Active Directory setting.

Table of Contents: