diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..55c0fa6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,403 @@ + +# Created by https://www.toptal.com/developers/gitignore/api/csharp +# Edit at https://www.toptal.com/developers/gitignore?templates=csharp + +### Csharp ### +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET 
coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml + +# End of 
https://www.toptal.com/developers/gitignore/api/csharp diff --git a/README.md b/README.md index e279198..4970a35 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,11 @@ # SharpShares -Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain +Multithreaded C# .NET Assembly to enumerate and spider accessible network shares in a domain or a target list -Built upon [djhohnstein's SharpShares](https://github.com/djhohnstein/SharpShares) project +Stealthy fork of [mitchmoser's SharpShares](https://github.com/mitchmoser/SharpShares) project ``` > .\SharpShares.exe help -Usage: - SharpShares.exe /threads:50 /ldap:servers /ou:"OU=Special Servers,DC=example,DC=local" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose /outfile:C:\path\to\file.txt - Optional Arguments: /threads - specify maximum number of parallel threads (default=25) /dc - specify domain controller to query (if not ran on a domain-joined host) @@ -26,8 +23,19 @@ Optional Arguments: default: SYSVOL,NETLOGON,IPC$,PRINT$ /outfile - specify file for shares to be appended to instead of printing to std out /verbose - return unauthorized shares + /spider - print a list of all files existing within directories (and subdirectories) in identified shares + /juicy - list of comma-separated tokens to match in spidered files/folders to be reported as juicy + /targets - specify a comma-separated list of target hosts + /sleep - specify the time (in seconds) to sleep after each host is enumerated + /jitter - specify a jitter percentage for the sleeping pattern (0-100) ``` +## New Features +- Sleep/Jitter support +- Share Spidering +- Identification of juicy files/folders/shares (list is configurable) +- Target specification to bypass LDAP enumeration + ## Execute Assembly ``` execute-assembly /path/to/SharpShares.exe /ldap:all /filter:sysvol,netlogon,ipc$,print$ diff --git a/SharpShares/Enums/Shares.cs b/SharpShares/Enums/Shares.cs index 91a23fc..8cfcd95 100644 --- a/SharpShares/Enums/Shares.cs 
+++ b/SharpShares/Enums/Shares.cs @@ -115,7 +115,59 @@ public static SHARE_INFO_1[] EnumNetShares(string Server) } } - public static void GetComputerShares(string computer, Utilities.Options.Arguments argumetns) + public static bool Juicy(string token, Utilities.Options.Arguments arguments) + { + foreach (string s in arguments.juicy) + { + if(token.ToLower().Contains(s)) + return true; + } + + return false; + } + + public static void Spider(string computer, string share, string appendPath, Utilities.Options.Arguments arguments) + { + string path; + + if (appendPath == "") + path = String.Format("\\\\{0}\\{1}", computer, share); + else + path = appendPath; + + try + { + var files = Directory.GetFiles(path); + + foreach (var file in files) + { + if (Juicy(file, arguments)) + Console.WriteLine(String.Format("[+] Juicy file: {0}", file)); + else + Console.WriteLine(file); + } + } + catch (UnauthorizedAccessException e) {} + catch (Exception e) { Console.WriteLine(e); } + + try + { + var directories = Directory.GetDirectories(path); + + foreach (var dir in directories) + { + if (Juicy(dir, arguments)) + Console.WriteLine(String.Format("[+] Juicy directory: {0}", dir)); + + Spider(computer, share, dir, arguments); + NapTime(arguments); + } + } + catch (UnauthorizedAccessException e) {} + catch (Exception e) { Console.WriteLine(e); } + } + + public static void GetComputerShares(string computer, Utilities.Options.Arguments arguments) { //Error 53 - network path was not found //Error 5 - Access Denied 
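Review bot: Both `catch (UnauthorizedAccessException e) {}` clauses in the new `Spider` method declare an exception variable they never use and discard the error with no comment, so a denied directory simply disappears from the listing. Dropping the variable and stating the intent removes the unused-variable warning and makes the best-effort behaviour explicit: `catch (UnauthorizedAccessException) { /* access denied: skip this directory */ }`. The parameter name `appendPath` is also misleading, since on recursive calls it holds the full path and `computer`/`share` are then ignored; a short summary comment on `Spider` saying so would help the next reader. `GetComputerShares`, whose signature is renamed at the end of this hunk, continues outside it.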
@@ -131,12 +183,12 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument string userSID = identity.User.Value; foreach (SHARE_INFO_1 share in computerShares)// <------------ go to next share -----------+ { // | - if ((argumetns.filter != null) && (argumetns.filter.Contains(share.shi1_netname.ToString().ToUpper()))) // | + if ((arguments.filter != null) && (arguments.filter.Contains(share.shi1_netname.ToString().ToUpper()))) // | { // | continue; // Skip the remainder of this iteration. --------------------------------+ } //share.shi1_netname returns the error code when caught - if (argumetns.stealth && !errors.Contains(share.shi1_netname)) + if (arguments.stealth && !errors.Contains(share.shi1_netname)) { Console.WriteLine("[?] \\\\{0}\\{1}", computer, share.shi1_netname); continue; //do not perform access checks @@ -145,6 +197,7 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument { string path = String.Format("\\\\{0}\\{1}", computer, share.shi1_netname); var files = Directory.GetFiles(path); + readableShares.Add(share.shi1_netname); AuthorizationRuleCollection rules = Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); foreach (FileSystemAccessRule rule in rules) @@ -182,11 +235,11 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument foreach (string share in readableShares) { string output = String.Format("[r] \\\\{0}\\{1}", computer, share); - if (!String.IsNullOrEmpty(argumetns.outfile)) + if (!String.IsNullOrEmpty(arguments.outfile)) { try { - WriteToFileThreadSafe(output, argumetns.outfile); + WriteToFileThreadSafe(output, arguments.outfile); } catch (Exception ex) { 
@@ -198,6 +251,12 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument { Console.WriteLine(output); } + + if (arguments.spider) + { + Spider(computer, share, "", arguments); + NapTime(arguments); + } } } if (writeableShares.Count > 0) @@ -205,11 +264,11 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument foreach (string share in writeableShares) { string output = String.Format("[w] \\\\{0}\\{1}", computer, share); - if (!String.IsNullOrEmpty(argumetns.outfile)) + if (!String.IsNullOrEmpty(arguments.outfile)) { try { - WriteToFileThreadSafe(output, argumetns.outfile); + WriteToFileThreadSafe(output, arguments.outfile); } catch (Exception ex) { @@ -223,16 +282,16 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument } } } - if (argumetns.verbose && unauthorizedShares.Count > 0) + if (arguments.verbose && unauthorizedShares.Count > 0) { foreach (string share in unauthorizedShares) { string output = String.Format("[-] \\\\{0}\\{1}", computer, share); - if (!String.IsNullOrEmpty(argumetns.outfile)) + if (!String.IsNullOrEmpty(arguments.outfile)) { try { - WriteToFileThreadSafe(output, argumetns.outfile); + WriteToFileThreadSafe(output, arguments.outfile); } catch (Exception ex) { @@ -247,7 +306,10 @@ public static void GetComputerShares(string computer, Utilities.Options.Argument } } } + Utilities.Status.currentCount += 1; + + } public static ReaderWriterLockSlim _readWriteLock = new ReaderWriterLockSlim(); 
@@ -271,17 +333,29 @@ public static void WriteToFileThreadSafe(string text, string path) _readWriteLock.ExitWriteLock(); } } + + public static void NapTime(Utilities.Options.Arguments arguments) + { + int baseSleepTime = arguments.sleep * 1000; + double jitterPercentage = arguments.jitter / 100; + + int minSleepTime = (int)(baseSleepTime - (baseSleepTime * jitterPercentage)); + int maxSleepTime = (int)(baseSleepTime + (baseSleepTime * jitterPercentage)); + + Random random = new Random(); + Thread.Sleep(random.Next(minSleepTime, maxSleepTime)); + } + public static void GetAllShares(List computers, Utilities.Options.Arguments arguments) { Console.WriteLine("[+] Starting share enumeration against {0} hosts\n", computers.Count); - //https://blog.danskingdom.com/limit-the-number-of-c-tasks-that-run-in-parallel/ - var threadList = new List(); + foreach (string computer in computers) { - threadList.Add(() => GetComputerShares(computer, arguments)); + GetComputerShares(computer, arguments); + NapTime(arguments); } - var options = new ParallelOptions { MaxDegreeOfParallelism = arguments.threads }; - Parallel.Invoke(options, threadList.ToArray()); + Console.WriteLine("[+] Finished Enumerating Shares"); } diff --git a/SharpShares/Program.cs b/SharpShares/Program.cs index 3f8883d..1cd64d5 100644 --- a/SharpShares/Program.cs +++ b/SharpShares/Program.cs 
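Review bot: `GetAllShares` now walks `computers` in a plain `foreach`, so after the removal of `ParallelOptions`/`Parallel.Invoke` nothing in this hunk reads `arguments.threads` any more. The option is still documented in `Usage()` as "specify maximum number of parallel threads (default=25)" and `PrintOptions` still prints "Starting share enumeration with thread limit of {0}", so the help text and the startup banner both describe behaviour the code no longer has. Either remove `/threads` and those two strings, or state the change where the loop lives, e.g. `// hosts are processed sequentially; /threads is parsed but ignored`. The same stale wording sits in the README usage block touched by this commit.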
@@ -18,18 +18,27 @@ static void Main(string[] args) bool success = Utilities.Options.PrintOptions(arguments); if (success) { - if (!String.IsNullOrEmpty(arguments.ldap)) + if (arguments.targets.Count > 0) { - List ldap = Utilities.LDAP.SearchLDAP(arguments); - if (ldap != null) - hosts = hosts.Concat(ldap).ToList(); + System.Console.WriteLine("[*] Target list provided"); + hosts = arguments.targets; } - if (!String.IsNullOrEmpty(arguments.ou)) + else { - List ou = Utilities.LDAP.SearchOU(arguments); - if (ou != null) - hosts = hosts.Concat(ou).ToList(); + if (!String.IsNullOrEmpty(arguments.ldap)) + { + List ldap = Utilities.LDAP.SearchLDAP(arguments); + if (ldap != null) + hosts = hosts.Concat(ldap).ToList(); + } + if (!String.IsNullOrEmpty(arguments.ou)) + { + List ou = Utilities.LDAP.SearchOU(arguments); + if (ou != null) + hosts = hosts.Concat(ou).ToList(); + } } + //remove duplicate hosts hosts = hosts.Distinct().ToList(); Utilities.Status.totalCount = hosts.Count; diff --git a/SharpShares/Properties/AssemblyInfo.cs b/SharpShares/Properties/AssemblyInfo.cs index f9ae036..bae3823 100644 --- a/SharpShares/Properties/AssemblyInfo.cs +++ b/SharpShares/Properties/AssemblyInfo.cs @@ -10,7 +10,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("SharpShares")] -[assembly: AssemblyCopyright("Copyright © 2020")] +[assembly: AssemblyCopyright("Copyright © 2023")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -20,7 +20,7 @@ [assembly: ComVisible(false)] // The following GUID is for the ID of the typelib if this project is exposed to COM -[assembly: Guid("bcbc884d-2d47-4138-b68f-7d425c9291f9")] +[assembly: Guid("bcbc664d-2d47-4138-b78f-7d425c9491f9")] // Version information for an assembly consists of the following four values: // diff --git a/SharpShares/Utilities/Options.cs b/SharpShares/Utilities/Options.cs index bbed146..f755109 100644 --- a/SharpShares/Utilities/Options.cs 
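Review bot: `arguments.targets.Count` in the new first branch of `Main` is read without a null check, while the Options.cs hunk of this same commit declares the field as `targets = null` and assigns it only when `/targets` is present. A run that supplies only `/ldap` or `/ou` would therefore appear to hit a NullReferenceException before the LDAP branch is reached. Guard the test, `if (arguments.targets != null && arguments.targets.Count > 0)`, or initialise the field to an empty list in `Arguments`. `Main` starts and ends outside this hunk, so any earlier assignment to `targets` is not visible here.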
+++ b/SharpShares/Utilities/Options.cs @@ -22,13 +22,17 @@ public class Arguments public string ldap = null; public string ou = null; public string outfile = null; - public string targets = null; + public List targets = null; + public int sleep = 1; + public int jitter = 5; + public bool spider = false; + public List juicy = new List { "password" }; } public static Dictionary ParseArgs(string[] args) { Dictionary result = new Dictionary(); //these boolean variables aren't passed w/ values. If passed, they are "true" - string[] booleans = new string[] { "/stealth", "/validate", "/verbose" }; + string[] booleans = new string[] { "/stealth", "/validate", "/verbose" , "/spider" }; var argList = new List(); foreach (string arg in args) { @@ -81,7 +85,7 @@ public static Arguments ArgumentValues(Dictionary parsedArgs) } if (parsedArgs.ContainsKey("/targets")) { - arguments.targets = parsedArgs["/targets"][0]; + arguments.targets = parsedArgs["/targets"][0].Split(',').ToList(); } if (parsedArgs.ContainsKey("/threads")) { 
@@ -95,18 +99,33 @@ public static Arguments ArgumentValues(Dictionary parsedArgs) { arguments.verbose = Convert.ToBoolean(parsedArgs["/verbose"][0]); } + if (parsedArgs.ContainsKey("/spider")) + { + arguments.spider = Convert.ToBoolean(parsedArgs["/spider"][0]); + } + if (parsedArgs.ContainsKey("/juicy")) + { + arguments.juicy = parsedArgs["/juicy"][0].ToLower().Split(',').ToList(); + } + if (parsedArgs.ContainsKey("/sleep")) + { + arguments.sleep = Convert.ToInt32(parsedArgs["/sleep"][0]); + } + if (parsedArgs.ContainsKey("/jitter")) + { + arguments.jitter = Convert.ToInt32(parsedArgs["/jitter"][0]); + } if (parsedArgs.ContainsKey("help")) { Usage(); - //Environment.Exit(0); arguments = null; } // if no ldap or ou filter specified, search all enabled computer objects - if (!(parsedArgs.ContainsKey("/ldap")) && !(parsedArgs.ContainsKey("/ou"))) + if (!parsedArgs.ContainsKey("/ldap") && !parsedArgs.ContainsKey("/ou") && !parsedArgs.ContainsKey("/targets")) { - Console.WriteLine("[!] Must specify hosts using one of the following arguments: /ldap /ou"); + Console.WriteLine("[!] Must specify hosts using one of the following arguments: /ldap /ou /targets"); + PrintOptions(arguments); Utilities.Options.Usage(); - //Environment.Exit(0); arguments = null; } return arguments; @@ -115,7 +134,6 @@ public static bool PrintOptions(Utilities.Options.Arguments arguments) { bool success = true; Console.WriteLine("[+] Parsed Arguments:"); - Console.WriteLine("\tfilter: none"); if (arguments.filter != null) Console.WriteLine($"\tfilter: {String.Join(",", arguments.filter)}"); else 
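Review bot: The added `PrintOptions(arguments);` in the missing-hosts branch can receive null, because the `help` branch directly above it sets `arguments = null` and `PrintOptions` starts by reading `arguments.filter`. Invoking the program with only `help`, as the README example does, would then throw a NullReferenceException instead of printing the usage text; guard the call with `if (arguments != null) PrintOptions(arguments);` or drop it. Separately, `Convert.ToInt32(parsedArgs["/sleep"][0])` and the `/jitter` equivalent throw on non-numeric input and nothing enforces the documented 0-100 range. Using `int.TryParse` with a range check and a clear error message would fail cleanly. `ArgumentValues` begins outside this hunk.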
@@ -127,6 +145,17 @@ public static bool PrintOptions(Utilities.Options.Arguments arguments) Console.WriteLine($"\tstealth: {arguments.stealth.ToString()}"); Console.WriteLine($"\tthreads: {arguments.threads.ToString()}"); Console.WriteLine($"\tverbose: {arguments.verbose.ToString()}"); + Console.WriteLine($"\tspider: {arguments.spider.ToString()}"); + if (arguments.juicy != null) + Console.WriteLine($"\tjuicy: {String.Join(",", arguments.juicy)}"); + else + Console.WriteLine($"\tjuicy: none"); + if (arguments.targets != null) + Console.WriteLine($"\ttargets: {String.Join(",", arguments.targets)}"); + else + Console.WriteLine($"\ttargets: none"); + Console.WriteLine($"\tsleep: {arguments.sleep.ToString()}"); + Console.WriteLine($"\tjitter: {arguments.jitter.ToString()}"); if (String.IsNullOrEmpty(arguments.outfile)) { Console.WriteLine("\toutfile: none"); 
@@ -157,20 +186,13 @@ public static bool PrintOptions(Utilities.Options.Arguments arguments) if (arguments.filter != null) { Console.WriteLine("[*] Excluding {0} shares", String.Join(",", arguments.filter)); } if (arguments.verbose) { Console.WriteLine("[*] Including unreadable shares"); } Console.WriteLine("[*] Starting share enumeration with thread limit of {0}", arguments.threads.ToString()); - Console.WriteLine("[r] = Readable Share\n[w] = Writeable Share\n[-] = Unauthorized Share (requires /verbose flag)\n[?] = Unchecked Share (requires /stealth flag)\n"); + Console.WriteLine("[R] = Readable Share\n[W] = Writeable Share\n[-] = Unauthorized Share (requires /verbose flag)\n[?] = Unchecked Share (requires /stealth flag)\n"); return success; } public static void Usage() { string usageString = @" - -█▀ █ █ ▄▀█ █▀█ █▀█ █▀ █ █ ▄▀█ █▀█ █▀▀ █▀ -▄█ █▀█ █▀█ █▀▄ █▀▀ ▄█ █▀█ █▀█ █▀▄ ██▄ ▄█ - -Usage: - SharpShares.exe /threads:50 /ldap:servers /ou:""OU=Special Servers,DC=example,DC=local"" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose /outfile:C:\path\to\file.txt - Optional Arguments: /threads - specify maximum number of parallel threads (default=25) /dc - specify domain controller to query (if not ran on a domain-joined host) @@ -188,6 +210,11 @@ public static void Usage() default: SYSVOL,NETLOGON,IPC$,PRINT$ /outfile - specify file for shares to be appended to instead of printing to std out /verbose - return unauthorized shares + /spider - print a list of all files existing within directories (and subdirectories) in identified shares + /juicy - list of comma-separated tokens to match in spidered files/folders to be reported as juicy + /targets - specify a comma-separated list of target hosts + /sleep - specify the time (in seconds) to sleep after each host is enumerated + /jitter - specify a jitter percentage for the sleeping pattern (0-100) "; Console.WriteLine(usageString); }
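Review bot: The legend string now advertises `[R] = Readable Share` and `[W] = Writeable Share`, but the output lines built in Shares.cs in this same commit still use lowercase prefixes (`String.Format("[r] \\\\{0}\\{1}", computer, share)` and the `[w]` equivalent). Anyone reading or parsing the console output or the `/outfile` contents by the legend will not find a match. Keep the legend lowercase, `"[r] = Readable Share\n[w] = Writeable Share\n..."`, or change both format strings in `GetComputerShares` in the same commit. `PrintOptions` starts outside this hunk.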