  • Stars: 193
  • Rank: 201,081 (Top 4 %)
  • Language: Python
  • License: Other
  • Created: over 5 years ago
  • Updated: 3 months ago

Repository Details

Fully asynchronous SMB library written in pure python

🚩 This is the public repository of aioSMB. For the latest version and updates, please consider supporting us through https://porchetta.industries/

aiosmb

Fully asynchronous SMB library written in pure python. Python 3.7+ ONLY

🚩 Sponsors

If you want to sponsor this project and get the latest updates, the latest fixes and the latest features, please support us on https://porchetta.industries/

Official Discord Channel

Come hang out on Discord!

Porchetta Industries

Features

Too many to list here, please check the examples.

Authentication

Kerberos

| | Kirbi | CCACHE | AES/RC4/DES keys | NT hash | Password | Certificate | Certificate (PFX/PEM) | Certstore (Windows) |
|---|---|---|---|---|---|---|---|---|
| Supported | Y | Y | Y | Y | Y | Y | Y | Y |

NTLM

| | LM hash | NT hash | Password |
|---|---|---|---|
| Supported | N | Y | Y |

SSPI

Only on Windows.
This auth method uses the current user context. If you are NT/SYSTEM then it will use the machine account credentials.

| | NTLM | Kerberos |
|---|---|---|
| Supported | Y | Y |

NEGOEX

| | Certificate (PFX) | Certstore (Windows) |
|---|---|---|
| Supported | Y | Y (using current user) |

Connection

This library also supports QUIC connections to Azure hosts.

| Protocol | Supported |
|---|---|
| UDP | N |
| TCP | Y |
| QUIC | Y |

Proxy

Supports Socks4 and Socks5 natively. Socks5 authentication is currently not supported.
Bear in mind that proxy support doesn't always play well with all auth methods; see the table below.

| | SOCKS4 | SOCKS4A | SOCKS5 |
|---|---|---|---|
| NTLM | Y | Y | Y |
| Kerberos | N (incompatible) | Y | Y |
| SSPI | Y (only local users) | Y (only local users) | Y (only local users) |
| NEGOEX | Y | Y | Y |

Connection url

I managed to condense all the information needed to specify an SMB connection into a URL format.
It looks like this:

dialect-network+authmethod://user:secret@target:port/?param1=value1&param2=value2

dialect format: smbX/smbXXX
Where version: 2 for any SMB2 dialect, 3 for any SMB3 dialect, or a specific three-character code such as 200, 201 or 300...

network format: tcp or quic (leave empty for TCP)

authmethod format: auth-type
Where auth: ntlm or kerberos or sspi or negext
Where type: password or nt or aes or rc4 or kirbi ...

user format: DOMAIN\username
Where DOMAIN: your domain
Where username: your username

secret format: Depends on the authmethod's type value
target format: IP address or hostname of the target
port format: integer describing the port

Example

The following parameters are used (the user victim is trying to log in to the domain controller):
Username: victim
Domain: TEST
Password: Passw0rd!1
DC IP address: 10.10.10.2
DC hostname: win2019ad
Socks4 proxy server: 127.0.0.1
Socks4 proxy port: 9050

Example 1 - NTLM with password

smb+ntlm-password://TEST\victim:[email protected]

Example 2 - NTLM with NT hash

smb+ntlm-nt://TEST\victim:[email protected]

Example 3 - NTLM using the SSPI in Windows

smb+sspi-ntlm://10.10.10.2

Example 4 - KERBEROS with password

smb+kerberos-password://TEST\victim:[email protected]/?dc=10.10.10.2

Example 5 - KERBEROS with NT hash

smb+kerberos-nt://TEST\victim:[email protected]/?dc=10.10.10.2

Example 6 - KERBEROS with PFX certificate

smb2+kerberos-pfx://user.pfx:[email protected]/?dc=10.10.10.2

Example 7 - KERBEROS with PEM certificate

smb2+kerberos-pem://cert.pem:[email protected]/?dc=10.10.10.2

Example 7 - KERBEROS with certificate from windows certificate store

smb2+kerberos-pem://cert.pem:[email protected]/?dc=10.10.10.2

Example 8 - KERBEROS using the SSPI in Windows

smb+sspi-kerberos://win2019ad.test.corp

Example 9 - Socks proxy and NTLM with password

smb+ntlm-password://TEST\victim:[email protected]/?proxyhost=127.0.0.1&proxyport=9050

Example 10 - NTLM with password with timeout higher than normal (60s)

smb+ntlm-password://TEST\victim:[email protected]/?timeout=60

Example 11 - Negoex certificate auth using PFX file. (eg. Azure P2P auth)

smb+negoex-pfx://certificate.pfx:[email protected]/

Example 12 - Negoex certstore auth using certificate from the current user's certstore (Windows only). (eg. Azure P2P auth)

smb+negoex-certstore://<subject CN of the certificate to use>@10.10.10.2/
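
The connection URL format described above carries the password, hash or certificate passphrase inside the URL itself, so the string needs the same handling as any other credential when it reaches logs or tickets. The following Python code is an added example, not aiosmb's own parser: it splits such a URL into its fields and masks the secret before logging. The function names and the sample URLs are constructed for illustration, and no percent-decoding is applied because the page does not say how the library treats encoded characters.

```python
from urllib.parse import parse_qs


def _split(url):
    """Cut a connection URL into scheme, userinfo, host:port and the trailing path/query."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("not a connection URL: missing '://'")
    authority, slash, tail = rest.partition("/")
    userinfo, _, hostport = authority.rpartition("@")  # last '@': a secret may contain '@'
    return scheme, userinfo, hostport, slash + tail


def parse_smb_url(url):
    """Return the fields of dialect-network+authmethod://user:secret@target:port/?params."""
    scheme, userinfo, hostport, tail = _split(url)
    proto, _, authmethod = scheme.partition("+")
    dialect, _, network = proto.partition("-")
    auth, _, auth_type = authmethod.partition("-")
    user, _, secret = userinfo.partition(":")       # the first ':' ends the user part
    domain, _, username = user.rpartition("\\")     # DOMAIN\username
    host, colon, port = hostport.rpartition(":")
    if not (colon and port.isdigit()):              # no explicit port given
        host, port = hostport, ""
    return {
        "dialect": dialect, "network": network or "tcp",  # empty network means TCP
        "auth": auth, "type": auth_type, "domain": domain, "username": username,
        "secret": secret, "host": host, "port": int(port) if port else None,
        "params": parse_qs(tail.partition("?")[2]),
    }


def redact_smb_url(url):
    """Mask the secret so the URL can be logged or pasted into a ticket."""
    scheme, userinfo, hostport, tail = _split(url)
    user, _, secret = userinfo.partition(":")
    if not secret:
        return url                                  # SSPI-style URL, nothing to hide
    return f"{scheme}://{user}:***@{hostport}{tail}"

# Constructed sample URLs, built from the format and example parameters on this page.
SAMPLES = [
    r"smb2+ntlm-password://TEST\victim:Passw0rd!1@10.10.10.2:445/?timeout=60",
    r"smb+kerberos-password://TEST\victim:P@ss:w0rd@win2019ad.test.corp/?dc=10.10.10.2",
    r"smb+sspi-ntlm://10.10.10.2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(redact_smb_url(sample), parse_smb_url(sample))
```

A secret containing a raw `/` would end the authority part early in this parser, so such values are out of scope here.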

TODO

  • DCERPC: in progress, a lot of features already working
  • VSS mountpoint operations
  • a lot of other things

Kudos

This project is heavily based on Impacket, originally by @agsolino.
The DCERPC structure definitions and DCERPC parsing in this project are almost identical to those of the Impacket project.
The NEGOEX protocol implementation was based on AzureADJoinedMachinePTC, created by @rubin_mor.
The certificate request functionality was based on certi, created by @zer1t0.

More Repositories

1. pypykatz: Mimikatz implementation in pure Python (Python, 2,799 stars)
2. jackdaw: gather gather gather (Python, 556 stars)
3. kerberoast: Kerberoast attack -pure python- (Python, 413 stars)
4. msldap: LDAP library for auditing MS AD (Python, 357 stars)
5. evilrdp (Python, 281 stars)
6. minidump: Python library to parse and read Microsoft minidump file format (Python, 271 stars)
7. minikerberos: Kerberos manipulation library in pure Python (Python, 244 stars)
8. aardwolf: Asynchronous RDP client for Python (headless) (Python, 142 stars)
9. pypykatz_server: Pypykatz server (Python, 124 stars)
10. Responder3: Responder for Python3 (Python, 95 stars)
11. pypykatz_agent_dn: Pypykatz agent implemented in .NET (C#, 85 stars)
12. CVE-2017-12542: Test and exploit for CVE-2017-12542 (Python, 84 stars)
13. pysnaffler: pysnaffler (Python, 82 stars)
14. PyKerberoast: Implementing Kerberoast attack fully in python (Python, 72 stars)
15. adiskreader: Async Python library to parse local and remote disk images. (Python, 70 stars)
16. asysocks: Socks5 / Socks4 client and server library (Python, 66 stars)
17. aardwolfgui: Asynchronous RDP/VNC client for Python (GUI) (Python, 62 stars)
18. octopwnweb: OctoPwn in your browser (JavaScript, 58 stars)
19. BitErrant: BitErrant (Objective-C, 58 stars)
20. pypykatz_wasm: pypykatz in your browser (Python, 53 stars)
21. socksohttp: Socks5 server over Websockets (Python, 40 stars)
22. windows_ad_dos_poc: PoC code for crashing windows active directory (Python, 34 stars)
23. aroadtools: fully async implementation of Dirkjan's ROADTools (Python, 31 stars)
24. pypykatz-volatility3: pypykatz plugin for volatility3 framework (Python, 30 stars)
25. wsnet: wsnet (Python, 24 stars)
26. anfs: Asynchronous NFSv3 client in pure Python (Python, 22 stars)
27. aesedb: async parser for JET (Python, 21 stars)
28. pydesfire: Desfire card library for Python (Python, 18 stars)
29. aiowinreg: Registry hive parsing the async way (Python, 18 stars)
30. winsspi: Windows SSPI wrapper in pure python (Python, 15 stars)
31. winacl: Platform independent library for interfacing windows security descriptors (Python, 15 stars)
32. unicrypto: Unified interface for some crypto algos (Python, 12 stars)
33. wsnet-dotnet (C#, 12 stars)
34. LocalNTLMTest: Tool to acquire netNTLM hashes on a local machine without network traffic (Python, 11 stars)
35. pysecur3: Python communication library for BiSecur devices (Python, 11 stars)
36. HuaweiSMSender: Python script to send SMS using Huawei new[er] USB dongles via the HTTP interface (Python, 11 stars)
37. asyauth (Python, 10 stars)
38. nimwsnetproxy: websockets-tcp proxy in nim (Nim, 10 stars)
39. foscam_stupid_poc: PoC auth bypass for some IP cameras. Vendor unknown (Python, 9 stars)
40. socks5line: Helping tunneling for proxy-unaware scripts (Python, 9 stars)
41. awinrm (Python, 8 stars)
42. amurex: asynchronous SSH client in Python (Python, 8 stars)
43. multiplexor: this will be interesting.... (Python, 8 stars)
44. aiosecretsdump: Secretsdump for aiosmb (Python, 8 stars)
45. sprayit: Password spraying toolkit (Python, 7 stars)
46. pyodide-wsnetwork: Websocket to TCP proxy for pyodide (Python, 7 stars)
47. COMP128: initial commit (Python, 6 stars)
48. duckysvc: websockets service to use usb hid keyboard devices with rubberducky scripts (Python, 5 stars)
49. sslyzedb: Database and reporting backend for sslyze (Python, 4 stars)
50. zipserver: zipserver (C#, 4 stars)
51. mysql_client_libload: PoC for loading arbitrary shared libraries to mysql-client. (Python, 3 stars)
52. jdauto: Auto collection service for JackDaw and Multiplexor (Python, 3 stars)
53. aiogps: Library to interface with gpsd using asyncio (Python, 2 stars)
54. winrecon: winrecon (Python, 2 stars)
55. responder3-log-discord: Discord logging extension for Responder3 (Python, 2 stars)
56. unidns: basic async DNS library (Python, 2 stars)
57. responder3-log-splunk: Splunk HTTP Event Collector logging extension for Responder3 (Python, 2 stars)
58. CubieTruckManager: Framework to manage/control cubietruck board (Python, 1 star)
59. jdiotclient (C#, 1 star)
60. secop: 2nd OPinion - DB driven scanning (Python, 1 star)
61. GPSTrackerServer: Server side code for the GPSTracker framework (Python, 1 star)
62. responder3-log-logstash: Logstash TCP logging extension for Responder3 (Python, 1 star)
63. bucketindex: index.html that allows browsing the gcp bucket (HTML, 1 star)
64. responder3-log-remote-ws: Responder3 plugin for remote logging over websockets (Python, 1 star)
65. GPSTracker: Client - Server based tracker with DB and fireworks and everything (Python, 1 star)
66. guidedog-nmap: Nmap XML script parser for (Python, 1 star)
67. buildall (Python, 1 star)
68. GPSTrackerClientWS: Client part of the GPSTracker suite running on websockets (Python, 1 star)