Script smb-enum-services
Script types:
portrule
Categories:
discovery, intrusive, safe
Download: https://svn.nmap.org/nmap/scripts/smb-enum-services.nse
Script Summary
Retrieves the list of services running on a remote Windows system. Each service attribute contains service name, display name and service status of each service.
Note: Modern Windows systems requires a privileged domain account in order to list the services.
References:
- https://technet.microsoft.com/en-us/library/bb490995.aspx
- https://en.wikipedia.org/wiki/Windows_service
Script Arguments
- randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap --script smb-enum-services.nse -p445 <host> nmap --script smb-enum-services.nse --script-args smbusername=<username>,smbpass=<password> -p445 <host>
Script Output
| smb-enum-services: | | ALG: | display_name: Application Layer Gateway Service | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | ClipSrv: | display_name: ClipBook | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | COMSysApp: | display_name: COM+ System Application | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | Dfs: | display_name: Distributed File System | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | ImapiService: | display_name: IMAPI CD-Burning COM Service | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | IsmServ: | display_name: Intersite Messaging | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | LicenseService: | display_name: License Logging | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | mnmsrvc: | display_name: NetMeeting Remote Desktop Sharing | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | MSDTC: | display_name: Distributed Transaction Coordinator | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_INTERROGATE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_PARAMCHANGE | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | NtFrs: | display_name: File Replication | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | RDSessMgr: | display_name: Remote Desktop Help Session Manager | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | rpcapd: | display_name: Remote Packet Capture Protocol v.0 (experimental) | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | RpcLocator: | display_name: Remote Procedure Call (RPC) Locator | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | Spooler: | display_name: Print Spooler | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_INTERROGATE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_PARAMCHANGE | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | swprv: | display_name: Microsoft Software Shadow Copy Provider | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | SysmonLog: | display_name: Performance Logs and Alerts | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | TlntSvr: | display_name: Telnet | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | TPVCGateway: | display_name: TP VC Gateway Service | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | Tssdis: | display_name: Terminal Services Session Directory | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | UMWdf: | display_name: Windows User Mode Driver Framework | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | UPS: | display_name: Uninterruptible Power Supply | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | vds: | display_name: Virtual Disk Service | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | VGAuthService: | display_name: VMware Alias Manager and Ticket Service | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | VMTools: | display_name: VMware Tools | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_INTERROGATE | SERVICE_CONTROL_NETBINDDISABLE | SERVICE_CONTROL_PAUSE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_PARAMCHANGE | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | vmvss: | display_name: VMware Snapshot Provider | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | VMware Physical Disk Helper Service: | display_name: VMware Physical Disk Helper Service | state: | SERVICE_PAUSE_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_RUNNING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | SERVICE_CONTROL_CONTINUE | SERVICE_CONTROL_NETBINDADD | SERVICE_CONTROL_STOP | SERVICE_CONTROL_NETBINDENABLE | VSS: | display_name: Volume Shadow Copy | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS | controls_accepted: | | WmiApSrv: | display_name: WMI Performance Adapter | state: | SERVICE_STOPPED | SERVICE_STOP_PENDING | SERVICE_CONTINUE_PENDING | SERVICE_PAUSED | type: | SERVICE_TYPE_WIN32 | SERVICE_TYPE_WIN32_OWN_PROCESS |_ controls_accepted:
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html