How to scan your network for WannaCry vulnerability (SMBv1 MS17-010)?

This tutorial is for Linux systems, especially Debian derivatives.

Update Nmap

First, check your Nmap version:

nmap --version

You will need at least 7.5. If it’s lower than that, simply go to https://nmap.org/download.html and follow their instructions. I used alien to convert the RPM package because the Debian packages are very old.

sudo alien nmap-7.50-1.x86_64.rpm 
sudo dpkg --force-overwrite -i nmap_7.50-2_amd64.deb

Prepare Nmap for the scan

You need to determine where NSE scripts are stored on your system. I used:

find / -type f -name "*.nse"

I found that they are in /usr/share/nmap/scripts/. Download https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse and place it there. Save the raw script file from that page, not the HTML page that wraps it.

Scan your network

Now simply scan your network:

nmap -p445 -Pn --script smb-vuln-ms17-010 192.168.x.x/24 | grep -B 8 VULNERABLE

grep will list only the machines that are vulnerable. The results look like this:

Nmap scan report for 192.168.x.x
Host is up (0.00029s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE

Of course, you can save them to a file for later investigation:

nmap -p445 -Pn --script smb-vuln-ms17-010 192.168.x.x/24 | grep -B 8 VULNERABLE > scan_result.txt
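
The grep -B 8 filter shows the target only while the "Nmap scan report" line sits exactly eight lines above the match; an extra line such as a MAC address pushes it out of view. The following is an added example, not part of the original post, that tracks the host per report block instead; the function names and the sample scan data are made up for illustration.

```sh
# Added example: print each target that smb-vuln-ms17-010 marked VULNERABLE.
# Reads normal (human-readable) Nmap output on stdin.
vulnerable_hosts() {
    awk '
        # New host block: remember the target, reset script state.
        /^Nmap scan report for / {
            host = $0
            sub(/^Nmap scan report for /, "", host)
            in_script = 0
            next
        }
        # Header of the result block we care about.
        /^\| smb-vuln-ms17-010:/ { in_script = 1; next }
        # Header of some other script: our block has ended.
        /^\|[ _][^ ]/ { in_script = 0 }
        # Only a state that starts with VULNERABLE counts, so a
        # "NOT VULNERABLE" line is not reported.
        in_script && /State: VULNERABLE/ { print host; in_script = 0 }
    '
}

# Constructed sample output (addresses, MAC and hostname are made up).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.56.10
Host is up (0.00029s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:00:5E:00:53:01 (Unknown)

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE

Nmap scan report for 192.168.56.11
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for fileserver.lan (192.168.56.12)
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-vuln-ms17-010:
|   State: VULNERABLE
EOF
}
sample_scan | vulnerable_hosts
```

On a real scan, pipe the nmap command's output into vulnerable_hosts in place of the grep filter to get one line per affected machine for the patching list.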

Published by

Konrad Fedorczyk
