During an audit I needed a tool to enumerate the permissions for all shared file ressources within a large client network. Although there are several tools to enumerate client shares (e.g. nmap), I have found none for enumerating the permissions in detail.
The python script is basically a wrapper for "rpcclient" from the samba client package. This is not an attack tool, you will need to have proper administrative rights to read the share permissions (see line "RPCCommand = ..." in the source). In addition to enumerating the share permissions, the script also enumerates the local groups (e.g. local administrators).
Example log file content:
10.0.0.1 netshareenum netname: SecretShare remark: (null) path: C:\ password: (null) ...
10.0.0.1 netsharegetinfo netname: SecretShare ... Permissions: 0x1f01ff: ... SID: S-1-1-0:\Everybody ...
10.0.0.1 querydominfo Domain: PC01 Server: ...
10.0.0.1 enumalsgroups_builtin group:[Administrators] rid:[0x220] group:[Backup Operators] rid:[0x227]...
10.0.0.1 queryaliasmem 0x220 S-...-500:PC01\Administrator S-...-...:DOM\SecretAdmin