Web Security Handbook

Sharing is a joy in itself; I am happy when others get help from what I share.


WinScanX - A free Windows enumeration tool and a must have for any security professional

WinScanX was released today. It is a Windows command-line enumeration tool with an optional GUI front-end, and a must-have for any security professional.



Download link: http://windowsaudit.com/downloads/WinScanX_Basic.zip



Web site: http://www.windowsaudit.com/



Features and usage information:



WinScanX v1.0 | http://www.windowsaudit.com/



Usage: WinScanX [-abcdefgpklijmnostqurxwyzSWv123] <hostname> <username> <password>



[-abcdefgpklijmnostqurxwyzSWv123]  -- required argument

<hostname>  -- required argument

<username>  -- optional argument

<password>  -- optional argument



If the <username> and <password> arguments are omitted, this utility will attempt to establish a NetBIOS null session and gather information via the null session.

If the <username> and <password> arguments are both plus signs (+), the existing credentials of the user running this utility will be used.



Examples:

WinScanX -1 10.10.10.10

WinScanX -2 10.10.10.10 + +

WinScanX -3 10.10.10.10 administrator password

WinScanX -3 10.10.10.10 domain\admin password



WinScanX -1 WINSERVER01

WinScanX -2 WINSERVER01 + +

WinScanX -3 WINSERVER01 administrator password

WinScanX -3 WINSERVER01 domain\admin password



WinScanX -1 192.168.1-254

WinScanX -2 192.168.1-254 + +

WinScanX -3 192.168.1-254 administrator password

WinScanX -3 192.168.1-254 domain\admin password



WinScanX -1 IPInputFile.txt

WinScanX -2 IPInputFile.txt + +

WinScanX -3 IPInputFile.txt administrator password

WinScanX -3 IPInputFile.txt domain\admin password





==== WinScanX Advanced Features ====



-a  -- Get Account Policy Information

-b  -- Get Audit Policy Information

-c  -- Get Display Information

-d  -- Get Domain Information

-e  -- Get LDAP Information

-f  -- Get Administrative Local & Global Group Information

-g  -- Get Local & Global Group Information

-p  -- Get Installed Programs

-k  -- Get Interactively Logged On Users

-l  -- Get Logged On Users

-i  -- Get Patch Information

-j  -- Get Registry Information

-m  -- Get Scheduled Task Information

-n  -- Get Server Information

-o  -- Get Service Information

-s  -- Get Share Information

-t  -- Get Share Permissions

-q  -- Get SNMP Community Information

-u  -- Get User Information

-r  -- Get User Information via RA Bypass

-x  -- Get User Rights Information

-w  -- Get WinVNC3 & WinVNC4 Passwords

-y  -- Save Remote Registry Hives



-z  -- Ping Remote Host Before Scanning



-S  -- Guess SNMP Community Strings

-W  -- Guess Windows Passwords



-v  -- Verbose Output



-1  -- Group 1 (includes -adglnsur)

-2  -- Group 2 (includes -adgpljnsquw)

-3  -- Group 3 (includes -abdgplijmnostquxw)





==== Retrieving Patch Information ====



The information that is queried for each host to determine the existence of a patch is included in the PatchInfo.input file.





==== Retrieving Registry Information ====



The registry key/value pairs that are queried for each host are included in the RegistryInfo.input file.





==== SNMP Community String Guessing ====



The SNMP community strings that are attempted for each host are included in the CommunityStrings.input file.





==== Windows Password Guessing ====



For Windows password guessing to occur, there must be a matching <hostname>.users file in the UserCache directory for each host on which you attempt to guess passwords. WinScanX options -c, -r, -u, and -S can be used to generate <hostname>.users cache files.

The passwords that are attempted for each user account are included in the Dictionary.input file.



The following can also be used in the Dictionary.input file:



<username>   -- The name of the current user

<lcusername> -- The name of the current user in lower case

<ucusername> -- The name of the current user in upper case

<blank>      -- A blank or null password
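
The usage text above says that, when no credentials are given, WinScanX attempts a NetBIOS null session. The PowerShell below is an added example (not part of the original post and not WinScanX code) that checks, on a host you administer, whether the registry settings restricting anonymous access are in place. The "Want" values are an assumed hardening baseline, so adjust them to your own.

```powershell
# Added example: read-only audit of the local host's anonymous (null session) settings.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Multi-string values pass when they contain no non-empty entries.
$isEmpty = { param($v) -not ($v | Where-Object { $_ }) }

# "Want" is an assumed baseline, not a value taken from the WinScanX page.
$checks = @(
    @{ Path = $lsa;    Name = 'RestrictAnonymous';         Want = '1 or higher'; Test = { param($v) $v -ge 1 } },
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';      Want = '1';           Test = { param($v) $v -eq 1 } },
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous'; Want = '0';           Test = { param($v) $v -eq 0 } },
    @{ Path = $server; Name = 'RestrictNullSessAccess';    Want = '1';           Test = { param($v) $v -eq 1 } },
    @{ Path = $server; Name = 'NullSessionShares';         Want = 'empty';       Test = $isEmpty },
    @{ Path = $server; Name = 'NullSessionPipes';          Want = 'empty';       Test = $isEmpty }
)

$results = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue
    if ($item -and ($item.PSObject.Properties.Name -contains $c.Name)) {
        # Value is present: evaluate it against the baseline.
        $value  = $item.($c.Name)
        $status = if (& $c.Test $value) { 'OK' } else { 'WEAK' }
        $shown  = @($value) -join ','
    } else {
        # Value is absent: the OS default applies and differs by Windows version,
        # so flag it for manual review instead of guessing.
        $status = 'NOT SET (review)'
        $shown  = ''
    }
    [pscustomobject]@{
        Setting     = $c.Name
        Current     = $shown
        Recommended = $c.Want
        Status      = $status
    }
}

$results | Format-Table -AutoSize
```

Some server roles, such as domain controllers, may legitimately list entries in NullSessionPipes, so treat a WEAK result there as a prompt to review rather than an automatic finding.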


Copyright 2008-2009 Pcsec.org. Some Rights Reserved.苏ICP备08110306号
