- If you havent already got it, download and install NMAP from https://nmap.org/
- Steps 2,3 are probably not required anymore as the script might be deployed already with the install, but check.
- Download the script from https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
- Save it to Nmap NSE script directory
- Windows location is C:\Program Files (x86)\Nmap\scripts
- Linux – /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
- OSX – /opt/local/share/nmap/scripts/
- Test the script on a known vulnerable device such as 18.104.22.168 or 22.214.171.124
- nmap -sC -p 445 -max-hostgroup 3 -open -script smb-vuln-ms17-010.nse 126.96.36.199
- Run against your enviroment
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 10:30 South Africa Standard Time
Nmap scan report for ns.bvtsvc.com (188.8.131.52)
Host is up (0.22s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
| State: VULNERABLE
| IDs: CVE:CVE-2017-0143
| Risk factor: HIGH
| A critical remote code execution vulnerability exists in Microsoft SMBv1
| servers (ms17-010).
| Disclosure date: 2017-03-14
Nmap done: 1 IP address (1 host up) scanned in 4.63 seconds