NBTScan is a command-line tool that scans for open NetBIOS name servers on a local or remote TCP/IP network, which is a first step in finding open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. Additional information about NBTScan may be found on the developer's website at http://www.unixwiz.net/tools/nbtscan.html

The following custom script may be used to run NBTScan against a target range.

Steps for use:

  1. Log in to Pwn Pulse and select Scripts from the main drop-down menu.
  2. Select Add a script, provide an indicative name (for example, Custom - NBTScan), and select Bash.
  3. In the scripting window, type the following lines and click the Save button.

    #!/bin/bash
    nbtscan -s : {{target_range}}

  4. Next, select Tasks from the main drop-down menu, then select Add a task.
  5. On the New Task page, provide an indicative name for the task (for example, Run NBTScan), select the newly created script from the "Script" drop-down menu, and specify a target range (for example, 192.168.1.0/24) for the target_range variable.
  6. For the Add to parameter, choose whether to run the task on a single sensor selected from the drop-down menu or on a group of sensors.
  7. Next, select a Start Time and choose a Frequency for how often the task should be run (***). Afterward, click the Save button.
  8. After the task has completed, and assuming the targets were accessible at the time the task was run, the results of the task may be viewed by returning to the Tasks page and selecting the Results button.

Provided below are examples of what the Results of the task may look like:

    192.168.111.83:NPI06FFDF ::<unknown>:00:00:00:00:00:00
    192.168.111.125:MACBOOKPRO-71c2::<unknown>:0c:4d:e9:bb:71:c2

    10.0.0.20:READYSHARE     :<server>:MYWIFIEXT      :00:00:00:00:00:00
    10.0.0.17:MYBOOKLIVE     :<server>:MYBOOKLIVE     :00:00:00:00:00:00
    10.0.0.70:WIN7PRO-OFFICE :<server>:<unknown>:d8:61:62:07:a4:fa
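
To make these Results easier to review, the following added example (not part of the original article or of Pwn Pulse) splits each `nbtscan -s :` line into its fields and lists the hosts flagged `<server>`, which are the ones to check for exposed shares. The function names are hypothetical, and the five-field layout (IP, NetBIOS name, server flag, user, MAC) is an assumption read from the sample results above.

```shell
#!/bin/bash
# Added example: parse `nbtscan -s :` result lines into labelled fields.
# Assumed layout (from the sample results): IP:NAME:SERVER:USER:MAC.
# The MAC contains five colons of its own, so a valid line splits into
# exactly 10 colon-separated pieces; anything else is skipped.

# parse_nbtscan: read result lines on stdin, print "ip|name|server|user|mac"
# with the column padding removed.
parse_nbtscan() {
  awk -F: '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF == 10 {
      mac = $5 ":" $6 ":" $7 ":" $8 ":" $9 ":" $10
      printf "%s|%s|%s|%s|%s\n", trim($1), trim($2), trim($3), trim($4), mac
    }'
}

# server_hosts: print "ip name" for every host whose server field is
# <server>, i.e. the hosts to review first for open shares.
server_hosts() {
  parse_nbtscan | awk -F'|' '$3 == "<server>" { print $1, $2 }'
}

# sample_results: the result lines shown on this page, embedded so the
# example runs without a live scan.
sample_results() {
  cat <<'EOF'
192.168.111.83:NPI06FFDF ::<unknown>:00:00:00:00:00:00
192.168.111.125:MACBOOKPRO-71c2::<unknown>:0c:4d:e9:bb:71:c2
10.0.0.20:READYSHARE     :<server>:MYWIFIEXT      :00:00:00:00:00:00
10.0.0.17:MYBOOKLIVE     :<server>:MYBOOKLIVE     :00:00:00:00:00:00
10.0.0.70:WIN7PRO-OFFICE :<server>:<unknown>:d8:61:62:07:a4:fa
EOF
}

# Demo on the embedded sample.
sample_results | server_hosts
```

Saved task results can be piped through `server_hosts` in the same way to build a list of hosts whose sharing configuration should be reviewed.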