Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

smbmap Cheatsheet

SMB enumeration tool for listing shares, permissions, and contents.

Basic Syntax

smbmap [options] -H <host>

Connection Options

OptionDescriptionExample
-H HOSTTarget hostsmbmap -H 10.10.10.10
-P PORTSMB port (default 445)smbmap -H 10.10.10.10 -P 139
-u USERUsernamesmbmap -u admin -H 10.10.10.10
-p PASSPasswordsmbmap -u admin -p Password123 -H 10.10.10.10
-d DOMAINDomainsmbmap -u admin -p pass -d MYDOMAIN -H 10.10.10.10

Authentication Methods

Null Session

smbmap -H 10.10.10.10 -u '' -p ''

Guest Session

smbmap -H 10.10.10.10 -u 'guest' -p ''

Pass-the-Hash

smbmap -H 10.10.10.10 -u admin -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'

Enumeration Options

OptionDescriptionExample
-r PATHRecursively list directorysmbmap -r C$ -H 10.10.10.10 -u admin -p pass
-R PATHList shares recursivelysmbmap -R -H 10.10.10.10 -u admin -p pass
--depth NRecursive depth (default 5)smbmap -R --depth 3 -H 10.10.10.10
-A PATTERNDownload files matching patternsmbmap -A '*.txt' -R -H 10.10.10.10
-qQuiet mode (suppress banner)smbmap -q -H 10.10.10.10

File Operations

OptionDescriptionExample
--download PATHDownload filesmbmap --download 'C$\file.txt' -H 10.10.10.10 -u admin -p pass
--upload SRC DSTUpload filesmbmap --upload payload.exe 'C$\payload.exe' -H 10.10.10.10 -u admin -p pass
--delete PATHDelete filesmbmap --delete 'C$\file.txt' -H 10.10.10.10 -u admin -p pass

Command Execution

OptionDescriptionExample
-x CMDExecute commandsmbmap -x 'ipconfig' -H 10.10.10.10 -u admin -p pass
--mode psexecUse PsExec methodsmbmap -x 'whoami' --mode psexec -H 10.10.10.10

Common Examples

List All Shares

smbmap -H 10.10.10.10 -u admin -p Password123

Output shows share permissions:

  • READ - Can read files
  • WRITE - Can write files
  • NO ACCESS - Access denied

Enumerate Share Contents

smbmap -H 10.10.10.10 -u admin -p Password123 -r 'Share Name'

Recursive Listing with Depth

smbmap -H 10.10.10.10 -u admin -p Password123 -R --depth 3

Download All Text Files

smbmap -H 10.10.10.10 -u admin -p Password123 -R -A '\.txt$'

Multiple Hosts

smbmap -H 10.10.10.0/24 -u admin -p Password123

Permission Levels

PermissionDescription
READ ONLYCan read files
READ, WRITEFull access
NO ACCESSAccess denied
ADMIN$Administrative share (requires admin)
C$Default drive share (requires admin)
IPC$Inter-process communication