SharpShares – Multithreaded C# .NET Assembly To Enumerate Accessible Network Shares In A Domain

Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain

Built upon djhohnstein’s SharpShares project

> .SharpShares.exe help

SharpShares.exe /threads:50 /ldap:servers /ou:”OU=Special Servers,DC=example,DC=local” /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose /outfile:C:pathtofile.txt

Optional Arguments:
/threads – specify maximum number of parallel threads (default=25)
/dc – specify domain controller to query (if not ran on a domain-joined host)
/domain – specify domain name (if not ran on a domain-joined host)
/ldap – query hosts from the following LDAP filters (default=all)
:all – All enabled computers with ‘primary’ group ‘Domain Computers’
:dc – All enabled Domain Controllers (not read-only DCs)
:exclude-dc – All enabled computers that are not Domain Controllers or read-only DCs
:servers – All enabled servers
:servers-exclude-dc – All enabled servers excluding Domain Controllers or read-only DCs
/ou – specify LDAP OU to query enabled computer objects from
ex: “OU=Special Servers,DC=example,DC=local”
/stealth – list share names without performing read/write access checks
/filter – list of comma-separated shares to exclude from enumeration
/outfile – specify file for shares to be appended to instead of printing to std out
/verbose – return unauthorized shares

Execute Assembly

execute-assembly /path/to/SharpShares.exe /ldap:all /filter:sysvol,netlogon,ipc$,print$

Example Output

Specifying Targets

The /ldap and /ou flags can be used together or seprately to generate a list of hosts to enumerate.

All hosts returned from these flags are combined and deduplicated before enumeration starts.

Download SharpShares