feature: add smb_brute command

ADOPTERS.md

@@ -29,4 +29,4 @@
 
 
  ## Thank You
- Thanks to everyone using and contributing to OWASP Nettacker! We appreciate your support and feedback.
+ Thanks to everyone using and contributing to OWASP Nettacker! We appreciate your support and feedback.

docs/API.md

@@ -741,4 +741,4 @@ To enable session-based requests, like (e.g. Python `requests.session()` or brow
     }
 ]
 >>>
-```
+```

docs/Contributors.md

@@ -35,4 +35,4 @@ People who helped to create the OWASP Nettacker. You can see the complete list o
 
 
 
-The OWASP Nettacker Project Team is very grateful to Google's Summer of Code (GSoC - summerofcode.withgoogle.com) and to all GSoC students who helped to enhance Nettacker while working during their summer break!
+The OWASP Nettacker Project Team is very grateful to Google's Summer of Code (GSoC - summerofcode.withgoogle.com) and to all GSoC students who helped to enhance Nettacker while working during their summer break!

docs/Media.md

@@ -39,4 +39,4 @@ Youtube
 [![IMAGE](http://img.youtube.com/vi/BF7G763xIKM/0.jpg)](https://www.youtube.com/watch?v=BF7G763xIKM)
 
 
-Feel free to send your media to us to share it in here.
+Feel free to send your media to us to share it in here.

docs/Usage.md

@@ -671,4 +671,4 @@ After this configuration please comment out the following line in database/db.py
 
 
 
-Let me know if you have any more questions.
+Let me know if you have any more questions.

docs/index.md

@@ -7,4 +7,4 @@ This documentation is generated using [mkdocs.org](https://www.mkdocs.org) and [
 
 OWASP Nettacker is an automated penetration testing framework designed to help cyber security professionals and ethical hackers perform reconnaissance, vulnerability assessments, and network security audits efficiently. Nettacker automates information gathering, vulnerability scanning, and credential brute forcing tasks, making it a powerful tool for identifying weaknesses in networks, web applications, IoT devices and APIs.
 
-Documentation [Home](Home.md)
+Documentation [Home](Home.md)

nettacker/api/readme.md

@@ -7,4 +7,4 @@ OWASP Nettacker API files are stored in here.
 * `engine.py` is entry point of API and main functions
 * `api_core.py` has core functions
 * `start_scan.py` run new scans
-* `database.sqlite3` an empty API database for sample, its copy to `./.data/database.sqlite3` and stores data i there.
+* `database.sqlite3` an empty API database for sample, its copy to `./.data/database.sqlite3` and stores data i there.

nettacker/core/lib/smb.py

@@ -0,0 +1,49 @@
+from impacket.smbconnection import SMBConnection
+
+from nettacker.core.lib.base import BaseEngine, BaseLibrary
+
+
+def create_connection(host, port):
+    return SMBConnection(host, remoteHost=host, sess_port=port)
+
+
+class SmbLibrary(BaseLibrary):
+    def brute_force(self, *args, **kwargs):
+        host = kwargs["host"]
+        port = kwargs["port"]
+        username = kwargs["username"]
+
+        response = {
+            "host": host,
+            "port": port,
+            "username": username,
+        }
+
+        domain = "."
+        if "domain" in kwargs:
+            domain = kwargs["domain"]
+            response.update({"domain": domain})
+
+        password = ""
+        if "password" in kwargs:
+            password = kwargs["password"]
+            response.update({"password": password})
+
+        lm = ""
+        if "lm" in kwargs:
+            lm = kwargs["lm"]
+            response.update({"lm": lm})
+
+        nt = ""
+        if "nt" in kwargs:
+            nt = kwargs["nt"]
+            response.update({"nt": nt})
+
+        connection = create_connection(host, port)
+        connection.login(username, password, domain, lm, nt)
+
+        return response
+
+
+class SmbEngine(BaseEngine):
+    library = SmbLibrary

nettacker/core/readme.md

@@ -17,4 +17,4 @@ OWASP Nettacker core functions are stored in here.
 * `socks_proxy.py` use SOCKS5 proxy 
 * `targets.py` process, calculate and count targets
 * `time.py` time functions
-* `utility.py` support functions
+* `utility.py` support functions

nettacker/lib/graph/d3_tree_v1/readme.md

@@ -47,4 +47,4 @@ bl.ocks.org is run by Mike Bostock.
 bl.ocks.org is not affiliated with GitHub.
 
 Code highlighting by Highlight.js (BSD license).
-Markdown formatting by Showdown (BSD license).
+Markdown formatting by Showdown (BSD license).

nettacker/lib/graph/d3_tree_v2/readme.md

@@ -47,4 +47,4 @@ bl.ocks.org is run by Mike Bostock.
 bl.ocks.org is not affiliated with GitHub.
 
 Code highlighting by Highlight.js (BSD license).
-Markdown formatting by Showdown (BSD license).
+Markdown formatting by Showdown (BSD license).

nettacker/lib/graph/readme.md

@@ -1,4 +1,4 @@
 OWASP Nettacker Graphs
 ======================
 
-OWASP Nettacker graphs stored in here.
+OWASP Nettacker graphs stored in here.

nettacker/lib/html_log/readme.md

@@ -1,4 +1,4 @@
 OWASP Nettacker HTML Report
 ===========================
 
-OWASP Nettacker HTML report lib stored in here.
+OWASP Nettacker HTML report lib stored in here.

nettacker/lib/icmp/readme.md

@@ -4,4 +4,4 @@ https://gist.github.com/pklaus/856268
 
 https://github.com/corentone/python3-ping/blob/master/ping.py
 
-changes credit: Ali Razmjoo - OWASP Nettacker
+changes credit: Ali Razmjoo - OWASP Nettacker

nettacker/lib/payloads/User-Agents/web_browsers_user_agents.txt

@@ -64,4 +64,4 @@ Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91
 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.275
-Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

nettacker/lib/payloads/readme.md

@@ -8,4 +8,4 @@ OWASP Nettacker payloads are located here
 
 
 ### User-Agents
-* Web Browser User agents
+* Web Browser User agents

nettacker/lib/payloads/wordlists/admin_wordlist.txt

@@ -530,4 +530,4 @@ yonetici.html
 yonetici.php
 yonetim.asp
 yonetim.html
-yonetim.php
+yonetim.php

nettacker/lib/payloads/wordlists/config_wordlist.txt

@@ -219,4 +219,4 @@ sshd_config
 .gitconfig
 .gitignore
 .npmrc
-.yarnrc
+.yarnrc

nettacker/lib/payloads/wordlists/dir_wordlist.txt

@@ -1963,4 +1963,4 @@ zips
 ~test
 ~user
 ~webmaster
-~www
+~www

nettacker/lib/payloads/wordlists/pma_wordlist.txt

@@ -171,4 +171,4 @@ phpmyadmin2014/
 phpmyadmin2015/
 phpmyadmin2016/
 phpmyadmin2017/
-phpmyadmin2018/
+phpmyadmin2018/

nettacker/lib/payloads/wordlists/wp_plugin_small.txt

@@ -288,4 +288,4 @@ happy-elementor-addons
 chart-builder
 really-simple-ssl
 wordpress-seo
-gutentor
+gutentor

nettacker/lib/payloads/wordlists/wp_theme_small.txt

@@ -38,4 +38,4 @@ rockstar-theme
 saico
 striking_r
 twentysixteen
-switchblade
+switchblade

nettacker/lib/payloads/wordlists/wp_timethumbs.txt

@@ -2421,4 +2421,4 @@ wp-content/themes/zenkoreviewRD/scripts/timthumb.php
 wp-content/themes/zenkoreviewRD/timthumb.php
 wp-content/themes/zenko/scripts/thumb.php
 wp-content/themes/zenko/scripts/timthumb.php
-wp-content/themes/Zenko/scripts/timthumb.php
+wp-content/themes/Zenko/scripts/timthumb.php

nettacker/locale/hi.yaml

@@ -122,4 +122,4 @@ compare_report_path_filename: तुलना रिपोर्ट सहेज
 no_scan_to_compare: तुलना करने के लिए scan_id नहीं मिला
 compare_report_saved: "{0} में तुलना परिणाम सहेजे गए"
 build_compare_report: "तुलना रिपोर्ट बनाई जा रही है"
-finish_build_report: "तुलना रिपोर्ट तैयार हो गई"
+finish_build_report: "तुलना रिपोर्ट तैयार हो गई"

nettacker/locale/it.yaml

@@ -215,4 +215,4 @@ compare_report_path_filename: "Il percorso del file per memorizzare il report co
 no_scan_to_compare: "L'ID della scansione da confrontare non è stato trovato"
 compare_report_saved: "Risultati del confronto salvati in {0}"
 build_compare_report: "Creazione del report di confronto"
-finish_build_report: "Creazione del report di confronto completata"
+finish_build_report: "Creazione del report di confronto completata"

nettacker/locale/ja.yaml

@@ -191,4 +191,4 @@ compare_report_path_filename: "compare_scanレポートを保存するための
 no_scan_to_compare: "比較対象のscan_idが見つかりません"
 compare_report_saved: "比較結果が{0}に保存されました"
 build_compare_report: "比較レポートを作成中"
-finish_build_report: "比較レポートの作成が完了しました"
+finish_build_report: "比較レポートの作成が完了しました"

nettacker/locale/readme.md

@@ -1,4 +1,4 @@
 OWASP Nettacker Language Library
 ================================
 
-OWASP Nettacker message libraries stored in here.
+OWASP Nettacker message libraries stored in here.

nettacker/modules/brute/pop3.yaml

@@ -36,4 +36,4 @@ payloads:
           conditions:
             successful_login:
               regex: ""
-              reverse: false
+              reverse: false

nettacker/modules/brute/pop3s.yaml

@@ -36,4 +36,4 @@ payloads:
           conditions:
             successful_login:
               regex: ""
-              reverse: false
+              reverse: false

nettacker/modules/brute/smb.yaml

@@ -0,0 +1,41 @@
+info:
+  name: smb_brute
+  author: OWASP Nettacker Team
+  severity: 3
+  description: SMB Bruteforcer
+  reference:
+  profiles:
+    - brute
+    - brute_force
+    - smb
+
+payloads:
+  - library: smb
+    steps:
+      - method: brute_force
+        timeout: 3
+        host: '{target}'
+        ports:
+          - 445
+        usernames:
+          - administrator
+          - admin
+          - root
+          - user
+          - test
+          - guest
+        passwords:
+          nettacker_fuzzer:
+            input_format: '{{passwords}}'
+            prefix:
+            suffix:
+            interceptors:
+            data:
+              passwords:
+                read_from_file: passwords/top_1000_common_passwords.txt
+        response:
+          condition_type: or
+          conditions:
+            successful_login:
+              regex: ''
+              reverse: false

nettacker/modules/scan/confluence_version.yaml

@@ -40,4 +40,4 @@ payloads:
             content:
               regex: <span id=\'footer-build-information\'>(.+?)</span>
               reverse: false 
-          log: "response_dependent['content']"
+          log: "response_dependent['content']"

nettacker/modules/scan/icmp.yaml

@@ -22,4 +22,4 @@ payloads:
           conditions:
             time_response:
               regex: ""
-              reverse: false
+              reverse: false

nettacker/modules/scan/port.yaml

@@ -1094,4 +1094,4 @@ payloads:
 
               amqp:
                 regex: "AMQP"
-                reverse: false
+                reverse: false

nettacker/modules/vuln/adobe_coldfusion_cve_2023_26360.yaml

@@ -49,4 +49,4 @@ payloads:
           conditions:
             content:
               regex: "(?<=password=)[A-F0-9]+"
-              reverse: false
+              reverse: false

nettacker/modules/vuln/citrix_cve_2019_19781.yaml

@@ -48,4 +48,4 @@ payloads:
               reverse: false
             content:
               regex: "\\[global\\]|lmhosts"
-              reverse: false
+              reverse: false

nettacker/modules/vuln/citrix_cve_2023_4966.yaml

@@ -51,4 +51,4 @@ payloads:
             header:
               Content-type: 
                 regex: application/json
-                reverse: false
+                reverse: false

nettacker/modules/vuln/confluence_cve_2023_22515.yaml

@@ -49,4 +49,4 @@ payloads:
               reverse: false
             content:
               regex: <span id=\'footer-build-information\'>8\.(0\.[0-4]|1\.[0-4]|2\.[0-3]|3\.[0-2]|4\.[0-2]|5\.[0-1])</span>
-              reverse: false 
+              reverse: false 

nettacker/modules/vuln/confluence_cve_2023_22527.yaml

@@ -47,4 +47,4 @@ payloads:
             headers:
               X-Cmd-Response:
                 regex: (.+)$
-                reverse: false
+                reverse: false

nettacker/modules/vuln/exponent_cms_cve_2021_38751.yaml

@@ -46,4 +46,4 @@ payloads:
               reverse: false
             content:
               regex: "random_string_1.com"
-              reverse: false
+              reverse: false

nettacker/modules/vuln/f5_cve_2020_5902.yaml

@@ -46,4 +46,4 @@ payloads:
               reverse: false
             content:
               regex: root:\\C+(:\\d+)+|/etc/passwd|/etc/shadow|uid\\=*.+gid
-              reverse: false
+              reverse: false

nettacker/modules/vuln/msexchange_cve_2021_26855.yaml

@@ -50,4 +50,4 @@ payloads:
                 reverse: false
             content:
               regex: NegotiateSecurityContext
-              reverse: false
+              reverse: false

nettacker/modules/vuln/msexchange_cve_2021_34473.yaml

@@ -46,4 +46,4 @@ payloads:
           conditions:
             content:
               regex: Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException|Exchange MAPI\/HTTP Connectivity Endpoint
-              reverse: false
+              reverse: false

nettacker/modules/vuln/sonicwall_sslvpn_cve_2024_53704.yaml

@@ -55,4 +55,4 @@ payloads:
                 reverse: false
             content:
               regex: 'NELaunchX1'
-              reverse: false
+              reverse: false

nettacker/modules/vuln/ssl_certificate_weak_signature.yaml

@@ -34,4 +34,4 @@ payloads:
                 weak_signing_algo:
                   reverse: false
                 signing_algo:
-                  reverse: false
+                  reverse: false

nettacker/modules/vuln/ssl_self_signed_certificate.yaml

@@ -36,4 +36,4 @@ payloads:
                 issuer:
                   reverse: false
                 subject:
-                  reverse: false
+                  reverse: false

nettacker/modules/vuln/ssl_weak_cipher.yaml

@@ -41,4 +41,4 @@ payloads:
                 subject:
                   reverse: false
                 expiration_date:
-                  reverse: false
+                  reverse: false