/// <summary>
/// Lists all subdirectories on the shareDirectory and gets the ACL of every directory.
/// The action is performed recursively as long as the subRecursiveLevel is not null.
/// </summary>
/// <param name="shareDirectory">UNC path</param>
/// <param name="subRecusiveLevel">How many level of subdirectories should be scanned</param>
/// <returns>ScanDirectoryResult object</returns>
public static ScanDirectoryResult ScanShareDirectory(string shareDirectory, int subRecusiveLevel)
{
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Scanning " + shareDirectory + " Recursive level " + subRecusiveLevel.ToString());
}
if (subRecusiveLevel == 0)
{
return(new ScanDirectoryResult {
shareDirectoryACL = ShareACLUtils.GetShareDirectoryACL(shareDirectory), shareDirectorySubDirectories = new Dictionary <string, ScanDirectoryResult>()
});
}
else
{
string[] shareDirectorySubDirectories = GetSubDirectories(shareDirectory);
Dictionary <string, ScanDirectoryResult> shareDirecotySubDirectoriesScanResult = new Dictionary <string, ScanDirectoryResult>();
foreach (string subDirectoy in shareDirectorySubDirectories)
{
shareDirecotySubDirectoriesScanResult.Add(subDirectoy.Split('\\').Last(), ScanShareDirectory(subDirectoy, subRecusiveLevel - 1));
}
return(new ScanDirectoryResult {
shareDirectoryACL = ShareACLUtils.GetShareDirectoryACL(shareDirectory), shareDirectorySubDirectories = shareDirecotySubDirectoriesScanResult
});
}
}
/// <summary>
/// Print target's SMB shares and their ACL
/// </summary>
/// <param name="hostname"></param>
public static void PreviewHostShares(string hostname)
{
List <SMBShareACL> sharesACL = ShareACLUtils.GetSharesACL(GetNetShare.EnumNetShares(hostname));
foreach (SMBShareACL shareACL in sharesACL)
{
ShareACLUtils.PrintShareAccesses(shareACL);
}
}
/// <summary>
/// Perform new scan on host
/// </summary>
/// <param name="host"></param>
public static void ReScanHost(SMBHost host)
{
HostShare[] hostShares;
List <string> discoveredHostShares;
SMBScanResult currentResult;
// If the recursive level is not set in the Config class, we use the level used for the first scan
if (Config.ScanForNewSharesRecusiveLevel == -1)
{
Config.ScanForNewSharesRecusiveLevel = host.scanRecursiveLevel;
}
foreach (SMBScanResult scanResult in host.hostSharesScanResult.Values)
{
ReScanSMBScanResult(scanResult);
}
// Check whether the scan will be performed on discovered shares only or try to identify new shares.
// The discovery operation includes only the scanned hosts. To add new hosts you should use AppendHosts method.
if (Config.ScanForNewShares)
{
hostShares = GetNetShare.EnumNetShares(host.hostname);
if (host.hostSharesScanResult.Count > 0)
{
discoveredHostShares = host.hostSharesScanResult.Keys.ToList();
foreach (HostShare hostShare in hostShares)
{
if (!discoveredHostShares.Contains(hostShare.shareInfo.shi1_netname))
{
currentResult = new SMBScanResult {
shareACL = ShareACLUtils.GetShareACL(hostShare), shareSubDirectories = new Dictionary <string, ScanDirectoryResult>()
};
if (IsRecursivelyScannable(currentResult.shareACL.share))
{
currentResult.shareSubDirectories = ScanShareDirectory(hostShare.ToString(), Config.ScanForNewSharesRecusiveLevel).shareDirectorySubDirectories;
}
host.hostSharesScanResult.Add(hostShare.shareInfo.shi1_netname, currentResult);
}
}
}
else
{
host.hostSharesScanResult = ScanHost(host.hostname).hostSharesScanResult;
}
}
}
/// <summary>
/// Fetch ACL of directory and his subdirectories recursively and append them to the Evolution list
/// </summary>
/// <param name="scanDirectoryResults"></param>
public static void ReScanScanDirectoryResults(Dictionary <string, ScanDirectoryResult> scanDirectoryResults, int subRecursiveLevel = 0)
{
foreach (ScanDirectoryResult scanDirectoryResult in scanDirectoryResults.Values)
{
scanDirectoryResult.shareDirectoryACL.AddDirectoryACL(ShareACLUtils.GetShareACL(scanDirectoryResult.shareDirectoryACL.shareDirectory));
if (scanDirectoryResult.shareDirectorySubDirectories.Count > 0)
{
ReScanScanDirectoryResults(scanDirectoryResult.shareDirectorySubDirectories, subRecursiveLevel - 1);
}
if (subRecursiveLevel > 0)
{
// Get current directory subdirectories and check if there are new ones
foreach (string subDirectory in GetSubDirectories(scanDirectoryResult.shareDirectoryACL.shareDirectory))
{
if (!scanDirectoryResult.shareDirectorySubDirectories.ContainsKey(subDirectory.Split('\\').Last()))
{
scanDirectoryResult.shareDirectorySubDirectories.Add(subDirectory.Split('\\').Last(), ScanShareDirectory(subDirectory, subRecursiveLevel - 1));
}
}
}
}
}
/// <summary>
/// Fetch the ACL of a share (and his subdirectories) and append them to the evolution list
/// </summary>
/// <param name="scanResult"></param>
public static void ReScanSMBScanResult(SMBScanResult scanResult)
{
scanResult.shareACL.AddShareACL(ShareACLUtils.GetShareACL(scanResult.shareACL.share.ToString()));
if (scanResult.shareSubDirectories.Count > 0)
{
ReScanScanDirectoryResults(scanResult.shareSubDirectories, Config.ScanForNewSharesRecusiveLevel - 1);
}
if (Config.ScanForNewSharesRecusiveLevel > 0 && IsRecursivelyScannable(scanResult.shareACL.share))
{
// Get share subdirectories and check if there are new ones
foreach (string subDirectory in GetSubDirectories(scanResult.shareACL.share.ToString()))
{
if (!scanResult.shareSubDirectories.ContainsKey(subDirectory.Split('\\').Last()))
{
// If so, then perform a scan on the new subdirectories
scanResult.shareSubDirectories.Add(subDirectory, ScanShareDirectory(subDirectory, Config.ScanForNewSharesRecusiveLevel - 1));
}
}
}
}
/// <summary>
/// Scan host's SMB shares
/// </summary>
/// <param name="hostname">Target to scan.</param>
/// <returns></returns>
public static SMBHost ScanHost(string hostname)
{
SMBHost result = new SMBHost();
SMBScanResult currentResult;
HostShare[] hostShares;
IPAddress ip = null;
result.scanRecursiveLevel = Config.RecursiveLevel;
result.hostname = hostname;
try
{
ip = IPAddress.Parse(hostname);
result.ip = ip.ToString();
}
catch (FormatException)
{
if ((Config.TryResolveHostName && !TryResolveHostName(hostname)))
{
Console.WriteLine("[-][" + DateTime.Now.ToString() + "] Could not resolve " + hostname);
return(result);
}
result.ip = "";
}
// Get target's shares
try
{
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Getting " + hostname + " shares ...");
}
hostShares = GetNetShare.EnumNetShares(hostname);
}
catch (Exception e)
{
if (Config.Debug)
{
Console.WriteLine("[-][" + DateTime.Now.ToString() + "] Error on enumerating " + hostname + " shares (" + e.ToString() + ").");
}
return(result);
}
List <SMBShareACL> sharesACL = ShareACLUtils.GetSharesACL(hostShares);
// Iterate over target's shares
foreach (SMBShareACL shareACL in sharesACL)
{
// Create SMBScanResult object for every shareInfo
currentResult = new SMBScanResult {
shareACL = shareACL, shareSubDirectories = new Dictionary <string, ScanDirectoryResult>()
};
// if the shareInfo is not IPC$ or a printer, do a recursive scan on the subdirectories
if (IsRecursivelyScannable(currentResult.shareACL.share))
{
currentResult.shareSubDirectories = ScanShareDirectory(shareACL.share.ToString(), Config.RecursiveLevel).shareDirectorySubDirectories;
}
result.hostSharesScanResult.Add(shareACL.share.shareInfo.shi1_netname, currentResult);
}
return(result);
}
/// <summary>
/// Lists all subdirectories on the shareDirectory and gets the ACL of every directory.
/// The action is performed recursively as long as the subRecursiveLevel is not null.
/// </summary>
/// <param name="shareDirectory">UNC path</param>
/// <param name="subRecusiveLevel">How many level of subdirectories should be scanned</param>
/// <returns>ScanDirectoryResult object</returns>
public static ScanDirectoryResult ScanShareDirectory(string shareDirectory, int subRecusiveLevel)
{
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Scanning " + shareDirectory + " Recursive level " + subRecusiveLevel.ToString());
}
if (subRecusiveLevel == 0)
{
return(new ScanDirectoryResult {
shareDirectoryACL = ShareACLUtils.GetShareDirectoryACL(shareDirectory), shareDirectorySubDirectories = new Dictionary <string, ScanDirectoryResult>()
});
}
else
{
string[] shareDirectorySubDirectories = GetSubDirectories(shareDirectory);
Dictionary <string, ScanDirectoryResult> shareDirecotySubDirectoriesScanResult = new Dictionary <string, ScanDirectoryResult>();
int CurrentLevelMaxThreads = Config.DirScanMaxThreads / (((Config.RecursiveLevel - subRecusiveLevel) > 0) ? ((Config.RecursiveLevel - subRecusiveLevel) * 2) : 1);
if (Config.DirScanMaxThreads <= 1 || CurrentLevelMaxThreads <= 1)
{
foreach (string subDirectoy in shareDirectorySubDirectories)
{
shareDirecotySubDirectoriesScanResult.Add(subDirectoy.Split('\\').Last(), ScanShareDirectory(subDirectoy, subRecusiveLevel - 1));
}
}
else
{
Object resultLock = new Object();
List <Thread> threads = new List <Thread>();
Queue <string> targets = new Queue <string>();
Dictionary <int, int> threadsTryJoinAttemps = new Dictionary <int, int>();
void doScan(string TshareDirectory)
{
try
{
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Starting thread for " + TshareDirectory);
}
ScanDirectoryResult TscanResults = ScanShareDirectory(TshareDirectory, subRecusiveLevel - 1);
lock (resultLock)
{
shareDirecotySubDirectoriesScanResult.Add(TshareDirectory.Split('\\').Last(), TscanResults);
}
}
catch (Exception e)
{
Console.WriteLine("[-][" + DateTime.Now.ToString() + "] Failed to scan " + TshareDirectory);
if (Config.Debug)
{
Console.WriteLine("[!][THEAD][Exception] " + e.Message);
}
}
return;
}
bool TryJoinThread(Thread t)
{
try
{
bool joinResult = t.Join(Config.DirScanThreadJoinTimeout);
int threadJoinAttempts = 0;
if (!joinResult && Config.DirScanThreadJoinMaxAttempts > 0)
{
if (threadsTryJoinAttemps.TryGetValue(t.ManagedThreadId, out threadJoinAttempts))
{
if (threadJoinAttempts > Config.DirScanThreadJoinMaxAttempts)
{
if (Config.Debug)
{
Console.WriteLine("Thread " + t.ManagedThreadId.ToString() + " will be asked to abort");
}
t.Abort();
return(true);
}
else
{
threadsTryJoinAttemps[t.ManagedThreadId] = threadJoinAttempts + 1;
}
}
else
{
threadsTryJoinAttemps.Add(t.ManagedThreadId, 1);
}
}
return(joinResult);
}
catch (Exception)
{
return(false);
}
}
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Starting mutli-threaded scan ...");
foreach (string subDirectoy in shareDirectorySubDirectories)
{
try
{
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Scanning " + subDirectoy);
}
while (threads.Count >= CurrentLevelMaxThreads)
{
Console.Write("[*][" + DateTime.Now.ToString() + "] Running threads count : " + threads.Count.ToString() + " \r");
if (Config.Debug)
{
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Waiting for a place to create a new thread ...");
}
threads.RemoveAll(TryJoinThread);
}
targets.Enqueue(subDirectoy);
Thread thread = new Thread(() => doScan(targets.Dequeue()))
{
Name = subDirectoy,
IsBackground = true
};
threads.Add(thread);
thread.Start();
}
catch (Exception e)
{
if (Config.Debug)
{
Console.WriteLine("[-][" + DateTime.Now.ToString() + "] Error on scanning " + subDirectoy + " : " + e.ToString());
}
}
}
Console.WriteLine("[*][" + DateTime.Now.ToString() + "] Waiting for the remaining threads ...");
do
{
Console.Write("[*][" + DateTime.Now.ToString() + "] Remaining threads : " + threads.Count.ToString() + " \r");
threads.RemoveAll(TryJoinThread);
} while (threads.Count > 0);
}
return(new ScanDirectoryResult {
shareDirectoryACL = ShareACLUtils.GetShareDirectoryACL(shareDirectory), shareDirectorySubDirectories = shareDirecotySubDirectoriesScanResult
});
}
}
