Unspecific.com

nbtscan.pl

If you want information about new releases mailed to you,
or have any suggestions, please contact me.
Latest Version is: 0.4

Description

Written by: MadHat at Unspecific.com
This is a simple script that uses Marconi to scan a range of hosts for their NetBIOS name and MAC address. UDP port 137 must be open for it to work.

Features

Simple NetBIOS scanning useing Perl

BUGS

Send your bugs to Bugs at Unspecific.com

Marconi doesn't always return the User logged in correctly. This is because of the lack of info in the NBTSTAT packet.

ToDo

Added forking to scan faster. Easy, just need to add the code.

Requirements

Perl >= 5.6
Marconi Just download to same directory you are running nbtscan.pl from

Download

nbtscan.pl v0.4 - the script itself

Output

$ ./nbtscan.pl -v 192.168.10.172/24
NBTScan v0.3 by MadHat (at) Unpsecific.com
scanning 192.168.10.172/24
IP Address       Host Name        Mac Address         User           Domain
-------------------------------------------------------------------------------
192.168.10.19    DODO             00-08-00-00-00-bc   MADHAT         WONDERLAND
192.168.10.20    MADHAT           00-b0-00-00-00-41   MADHAT         WONDERLAND
192.168.10.23    ALICE            00-b0-00-00-00-04   ALICE          WONDERLAND
192.168.10.25    JABERWOCKY       00-b0-00-00-00-7c   ADMINISTRATOR  WONDERLAND
192.168.10.27    HUMPTY           00-b0-00-00-00-df   HUMPTY         WONDERLAND
192.168.10.31    DUM              00-02-00-00-00-82                  WONDERLAND
192.168.10.32    DEE              00-b0-00-00-00-f8                  WONDERLAND
192.168.10.33    DINAH            00-b0-00-00-00-6b   DINAH          WONDERLAND
192.168.10.36    WHITENIGHT       00-b0-00-00-00-32   ADMINISTRATOR  WONDERLAND
192.168.10.40    REDQUEEN         00-b0-00-00-00-19   REDQUEEN       WONDERLAND



$ ./nbtscan.pl -v 192.168.1.172
NBTScan v0.3 by MadHat (at) Unpsecific.com
scanning 192.168.1.172
IP Address       Name              Group       Type
-----------------------------------------------------------------------------
192.168.1.172    ISS-SCANNER       UNIQUE      Workstation/Redirector
192.168.1.172    WONDERLAND        GROUP       Domain Name
192.168.1.172    ISS-SCANNER       UNIQUE      Messenger Service
192.168.1.172    ISS-SCANNER       UNIQUE      Server Service
192.168.1.172    WONDERLAND        GROUP       Browser Election Service
192.168.1.172    INet~Services     GROUP       Domain Controler
192.168.1.172    IS~ISS-SCANNER    UNIQUE      Workstation/Redirector
192.168.1.172    MADHAT            UNIQUE      Messenger Service
MAC Address: 00-b0-d0-00-22-63

Usage (output from ./http-scan.pl -h)

$ ./nbtscan.pl
NBTScan v0.1 by MadHat (at) Unpsecific.com
Usage:
./nbtscan.pl [-v] [-t <sec>] <ip_range>

    <ip_range>   Range of IPs you want to scan.  Supported formats listed below
    -t <sec>     Timeout for each host waiting for a response
    -v  Verbose  Add moe info about what is going on

    a.b.c.d/n       - 10.0.0.1/25
    a.b.c.*         - 10.0.0.*
    a.b.c.d/w.x.y.z - 10.0.0.0/255.255.224.0 (standard format)
    a.b.c.d/w.x.y.z - 10.0.0.0/0.0.16.255    (cisco format)
    a.b.c.d-z       - 10.1.2.0-12
    a.b.c-x.*       - 10.0.0-3.*
    a.b.c-x.d       - 10.0.0-3.0
    hostname        - unspecific.com
    hostname[1-3]   - host[1-3].unspecific.com

Goals

Change Log

0.4
- Added -V to allow for Verbose ouput of all data returned when scanning a subnet.
0.3
- Rewrote how Marconi was doing NBTScans and fixed this to support the added features of including the username, domain and other items.
0.2
- Fixed a few error in the way the scans were being precessed
0.1
- Created the damn thing