[SHAREENUM]

Network share scanner for security assessment, permission auditing, and unauthorized access detection

Difficulty: Beginner
Category: Security

Key Features

Network Scanning
Discover shared resources across network ranges
Permission Analysis
Analyze share permissions and access controls
GUI Interface
User-friendly interface for interactive scanning
Security Assessment
Identify overly permissive shares and misconfigurations

How to Use ShareEnum

Basic Operation

1
Launch ShareEnum: Run shareenum.exe with administrative privileges
2
Configure Target: Enter IP range or specific hostnames to scan
3
Set Credentials: Specify authentication credentials if required
4
Start Scan: Begin enumeration and analyze results

Scan Configuration

  • IP Range: 192.168.1.1-192.168.1.254 or 10.0.0.0/24
  • Specific Hosts: server1.domain.com, 192.168.1.100
  • Ports: Default SMB ports (139, 445) or custom ranges
  • Timeout: Adjust for network conditions and response times

Security Use Cases

๐Ÿ” Network Assessment

Discover all shared resources on the network for security evaluation.

Scope: Internal network reconnaissance and mapping

๐Ÿšจ Unauthorized Access

Identify shares with weak permissions or unauthorized access.

Risk: Data exposure through overpermissive shares

๐Ÿ“‹ Compliance Auditing

Ensure share permissions comply with security policies.

Standards: PCI-DSS, HIPAA, SOX compliance requirements

๐Ÿงช Penetration Testing

Enumerate network shares during security assessments.

Phase: Network discovery and enumeration phase

Common Security Findings

๐Ÿšจ Critical Issues

  • Anonymous access enabled: Shares accessible without authentication
  • Everyone group Full Control: All users have complete access to sensitive data
  • C$ administrative shares exposed: System drives accessible remotely
  • Database backups exposed: Sensitive database files in accessible shares

โš ๏ธ Warning Issues

  • Domain Users write access: All domain users can modify shared content
  • Weak share passwords: Easily guessable or default credentials
  • Excessive permissions: Users with more access than required
  • Unencrypted sensitive shares: Confidential data without encryption

โ„น๏ธ Information Findings

  • Standard administrative shares: Expected ADMIN$, IPC$, PRINT$ shares
  • Application shares: Software-specific shared directories
  • User home directories: Personal folders with appropriate permissions
  • Public folders: Intentionally shared common resources

Command Line Alternatives

Native Windows Commands

# List shares on local system
net share

# List shares on remote system
net view \\192.168.1.100

# List all computers in domain
net view /domain

PowerShell Commands

# Get SMB shares
Get-SmbShare

# Get SMB share access
Get-SmbShareAccess -Name "ShareName"

# Find network computers
Get-ADComputer -Filter * | Select Name

Best Practices & Tips

Use appropriate credentials: Run with domain admin or local admin rights for complete enumeration
Start with local subnets: Begin scanning from known internal network ranges
Document findings: Export results for security remediation and compliance reporting
Check for hidden shares: Look for shares ending with $ that may be intentionally hidden
Regular scanning schedule: Perform periodic scans to detect new or changed shares

Get ShareEnum

Download ShareEnum as part of the Sysinternals Suite

Download ShareEnum.exe