smbstatus --shares
SMB Monitoring Script:
#!/bin/bash
#SMB Mount Monitoring
SMB=($(smbstatus --shares | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"))
echo "#####################" >> /tmp/hacker.info
echo "SMB Mount(s) Mounted!" >> /tmp/hacker.info
echo "#####################" >> /tmp/hacker.info
for i in "${SMB[@]}"
do
echo "#####################" >> /tmp/hacker.info
echo "HACKER DETECTED W/ IP $i" >> /tmp/hacker.info
echo >> /tmp/hacker.info
nbtscan "$i" >> /tmp/hacker.info
nslookup "$i" >> /tmp/hacker.info
arp -a "$i" >> /tmp/hacker.info
echo >> /tmp/hacker.info
done
echo "#####################" >> /tmp/hacker.info
echo "SMB General Information" >> /tmp/hacker.info
echo >> /tmp/hacker.info
echo "smbstatus" >> /tmp/hacker.info
smbstatus >> /tmp/hacker.info
echo >> /tmp/hacker.info
echo "End SMB Information" >> /tmp/hacker.info
echo "#####################" >> /tmp/hacker.info