nmap
Usage of SMB-specific NSE script below. Also see nmap.
enum4linux
This makes use of the IPC$
share.
crackmapexec
Some crackmapexec commands for SMB enumeration
(Try using -u '' -p ''
for all of the following)
crackmapexec smb $IP
crackmapexec smb $IP --shares
crackmapexec smb $IP --shares -M spider_plus
(auto enum)
crackmapexec smb $IP --users
crackmapexec smb $IP --pass-pol
(get password policies)
smbclient
nbtscan
NBT stands for NetBIOS over TCP.
-r
uses local port 137 to scan since Win95 responds to this only.