PowerHuntShares.psm1

PowerHuntShares "is PowerShell tool designed to help cybersecurity teams and penetration testers better identify, understand, attack, and remediate SMB shares in the Active Directory environments they protect. Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to defend. This project aims to provide an open proof-of-concept tool for creating a comprehensive share inventory, leveraging statistics, charts, graphs, and language models to contextualize shares, summarize relationships, assess risks, and prioritize remediation."

Disable antivirus

Set-MpPreference -DisableRealtimeMonitoring $true

Note: this doesn't seem to work in Windows 11, even after disabling tamper protection. So you might just want to disable active protection in the GUI.

Import the PHS module

Import-Module .\PowerHuntShares.psm1

Run the collection and save to a folder called `dump`

Invoke-HuntSMBShares -runspacetimeout 10 -Threads 100 -OutputDirectory dump

Parsing just hostnames from the "pingable" CSV export file

awk -F',' '{gsub(/"/, "", $1); print $1}' inputfile.txt | sort

Disable antivirus​

Import the PHS module​

Run the collection and save to a folder called dump​

Parsing just hostnames from the "pingable" CSV export file​

Disable antivirus

Import the PHS module

Run the collection and save to a folder called `dump`

Parsing just hostnames from the "pingable" CSV export file