This tutorial is for Linux systems, especially Debian derivatives.
First, check your Nmap version:
You will need at least 7.5. If it is lower than that, go to https://nmap.org/download.html and follow the instructions there. I used alien to convert the RPM package because the Debian packages are very old.
sudo alien nmap-7.50-1.x86_64.rpm
sudo dpkg --force-overwrite -i nmap_7.50-2_amd64.deb
Prepare Nmap for the scan
You need to determine where NSE scripts are stored in your system. I’ve used:
find / -type f -name "*.nse"
I found that they are in /usr/share/nmap/scripts/. Download https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse and place it there. Make sure you save the raw script file and not the HTML page that GitHub renders at this URL.
Scan your network
Now simply scan your network:
nmap -p445 -Pn --script smb-vuln-ms17-010 192.168.x.x/24 | grep -B 8 VULNERABLE
grep will list only the machines that are vulnerable, together with the 8 lines of output before each match. Results look like this:
Nmap scan report for 192.168.x.x
Host is up (0.00029s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
| smb-vuln-ms17-010:
| VULNERABLE:
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
| State: VULNERABLE
Of course, you can save the results to a file for later investigation:
nmap -p445 -Pn --script smb-vuln-ms17-010 192.168.x.x/24 | grep -B 8 VULNERABLE > scan_result.txt
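The grep -B 8 filter above depends on a fixed number of context lines and matches any line containing VULNERABLE. As an added example (not part of the original tutorial), the function below reads Nmap's normal output and prints only the hosts whose smb-vuln-ms17-010 block says "State: VULNERABLE"; the names vulnerable_hosts and sample_scan and the sample scan output, including its NOT VULNERABLE block, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): list hosts whose
# smb-vuln-ms17-010 result is "State: VULNERABLE", reading Nmap normal
# output on stdin. No fixed context-line count is involved.
vulnerable_hosts() {
  awk '
    /^Nmap scan report for / {            # a new host section starts
      host = $0
      sub(/^Nmap scan report for /, "", host)
      in_script = 0
      next
    }
    /^[|][ _][^ ]/ {                      # top-level line of some NSE script
      in_script = ($0 ~ /^[|][ _]smb-vuln-ms17-010:/)
      next
    }
    in_script && /State: VULNERABLE/ { print host; in_script = 0; next }
    !/^[|]/ { in_script = 0 }             # left the script output block
  '
}

# Constructed sample output (addresses and results are made up).
sample_scan() {
  cat <<'EOF'
Nmap scan report for 192.168.56.10
Host is up (0.00029s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE

Nmap scan report for 192.168.56.11
Host is up (0.00031s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   NOT VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: NOT VULNERABLE
EOF
}

# Demo on the sample; for a live scan, pipe the nmap command into vulnerable_hosts.
sample_scan | vulnerable_hosts
```

On the constructed sample only 192.168.56.10 is printed, while grep VULNERABLE would also match the second host's lines. The resulting list can be redirected to a file and used as the patching worklist.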