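#!/usr/bin/perl -w
# Sharefinder
# Written by David Britten
# This program comes without any warranty
#
# Finds hosts that answer NetBIOS name queries (by broadcast, or by an
# nmap connect scan of port 139) and lists the shares each one
# advertises to an anonymous smbclient session.
#
# Security notes for maintainers:
#  * Station addresses, NetBIOS names and share names all come from
#    replies sent by other machines on the network. They are untrusted.
#  * Every external tool is started through runCommand(), which uses the
#    list form of a piped open, so no shell ever parses those values.
#  * Names and share lines are printed as received; they are not
#    filtered for terminal control characters.

use strict;
use warnings;

my $verbose   = 0;
my $quiet     = 0;
my $ippat     = "";
my $scan      = 0;
my $broadcast = 0;

my @lines;    # Output of the discovery command (nmblookup or nmap)
my @hosts;    # Candidate station addresses

getOpts();

if ($broadcast) {
    print "Broadcasting request\n" if (!$quiet);
    @lines = runCommand('nmblookup', '*');
}
elsif ($scan) {
    print "Scanning range $ippat\n" if (!$quiet);

    # The pattern is handed to nmap as one argv element, so quotes or
    # shell metacharacters in it are never interpreted by a shell.
    @lines = runCommand('nmap', '-sT', '-n', '-p', '139', $ippat);
    foreach my $line (@lines) {
        # NOTE(review): this host header is what the nmap output this
        # script was written against prints; confirm it still matches
        # the installed nmap release.
        if ($line =~ /^Interesting ports on \((.*)\):/) {
            push @hosts, $1;
            print "$1 might be open\n" if ($verbose);
        }
    }
}
else {
    printUsage();
    exit 0;
}

my %smbnames = ();    # Holds (ip, netbios name) pairs

# Broadcast replies look like "<address> *<00>"; strip the marker and
# keep the address.
foreach my $line (@lines) {
    my $station = $line;
    if ($station =~ s/\s\*\<00\>//) {
        print "Reply from netbios station at $station\n" if ($verbose);
        push @hosts, $station;
    }
}

print "Querying netbios stations\n" if (!$quiet);
foreach my $candidate (@hosts) {
    my $host = $candidate;
    $host =~ s/^\s+//;
    $host =~ s/\s+$//;

    # The address was parsed out of tool output that remote hosts
    # influence. Accept only a dotted quad so a crafted value cannot be
    # read by nmblookup as an option.
    if ($host !~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
        print "Skipping unexpected station address: $host\n" if ($verbose);
        next;
    }

    foreach my $line (runCommand('nmblookup', '-A', $host)) {
        # A <20> entry is the file-server service name of the station.
        if ($line =~ /^\s*(\S*)\s*\<20\>.*/ && length $1) {
            print "$1 at station $host has sharing enabled\n" if ($verbose);
            $smbnames{$host} = $1;
        }
    }
}

foreach my $ip (sort keys %smbnames) {
    my $name = $smbnames{$ip};
    print "$ip - $name\n";

    # $name is chosen by the remote station; list-form execution keeps
    # it a single argument (the value of -L) whatever it contains.
    my @listing = runCommand('smbclient', '-L', $name, '-I', $ip, '-N');

    # Look for the desired table
    while (@listing) {
        last if shift(@listing) =~ /Sharename/;
    }
    shift @listing;    # Dump the table header border

    # The table ends at the first empty line (or when output runs out).
    while (defined(my $line = shift @listing)) {
        last unless $line;
        if ($line =~ /^\s*(.{1,12})\s*(Disk|Printer|IPC).+$/) {
            # Share name length capped at 12
            my $share = $1;
            my $type  = $2;
            print "\t$type\t\t$share\n";
        }
        elsif ($line =~ /Error returning browse list/) {
            print " No Public Shares\n" if ($verbose);
        }
        else {
            print " ** Unknown resource:\n $line\n" if ($verbose);
        }
    }
}

# Run an external program and return its standard output as a list of
# chomped lines. The program and its arguments are passed as a list, so
# they go straight to exec() without a shell. Returns an empty list
# (after a warning) when the program cannot be started.
sub runCommand {
    my @cmd = @_;
    my $pipe;
    if (!open($pipe, '-|', @cmd)) {
        warn "Could not run $cmd[0]: $!\n";
        return ();
    }
    chomp(my @output = <$pipe>);

    # A non-zero exit status is routine here (e.g. a host that refuses
    # the session), so the close status is deliberately not fatal.
    close($pipe);
    return @output;
}

# Parse @ARGV into the option flags. The last of "-b" and an address
# pattern wins; unrecognised arguments are ignored.
sub getOpts {
    foreach my $arg (@ARGV) {
        if ($arg eq "-v") {
            $verbose = 1;
        }
        elsif ($arg eq "-q") {
            $quiet = 1;
        }
        elsif ($arg =~ /\./) {
            # Looks like an address pattern; keep it for nmap
            $ippat     = $arg;
            $scan      = 1;
            $broadcast = 0;
        }
        elsif ($arg eq "-b") {
            $broadcast = 1;
            $scan      = 0;
        }
    }
    return;
}

# Print the usage summary to standard output.
sub printUsage {
    print "Sharefinder - By David Britten\n";
    print "Usage:\n";
    print "\tsharefinder [-v] [-q] -b\n";
    print "\tsharefinder [-v] [-q] iprange\n\n";
    print "Options:\n";
    print " -v\tVerbose output - more status messages\n";
    print " -q\tQuiet mode - fewer status messages\n";
    print " -b\tBroacast - faster, but limited to your local subnet\n";
    print "iprange\tRange of addresses to scan - passed directly to nmap\n\n";
    print "This program will check your network for systems that have\n";
    print "NetBIOS file sharing enabled on port 139. It does NOT perform\n";
    print "stealth scanning, so keep that in mind. Also, it is not designed\n";
    print "to harm or compromise the target systems; it just politely asks\n";
    print "them if they have anything to offer. You must have smbclient and\n";
    print "nmblookup installed, and nmap is required for scanning.\n\n";
    return;
}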