'********************************************************************************** ' File: ScanWriteable.vbs (WSH2 for VBscript) ' Author: (c) M. Gallant Nortel Networks 10/12/2000 ' Version: 1.0 ' Modified: Pete Sherwood 02 Feb 2001 ' ' This WSH (Windows Script Host) application is designed to run on Win2000 or NT4. ' It requires WSH2 support (native on Win2000). The script is written ' in VBS script. ' ' There are several lines you will want to edit: ' 1. the list of domains you want to scan ' 2. the message you want to leave on the writeable share ' ' find: ' ' ***** Edit the following line ***** ' ' ----------- Script Details ---------- ' This network-scanning script performs 3 separate tasks, depending on ' status of the boolean variables "gennetviewlist", "genmachinelist", "genstatslist" : ' ' (1) For each domain in the domains array generates ' a text file "domaininarray.txt" containing the output of the command: ' net view /DOMAIN:domaininarray ' The file is generated in the script launch directory. ' ' (2) For each of the files listed in part (1), new files "mach_domaininarray.txt" ' are generated which contain just the UNC computer names \\computerindomain, ' with all comments stripped out using standard VBScript string functions. ' ' (3) This section enumerates all shares for each computer found in a *specific* ' domain, specified by the parameter "infile". The computer names, followed ' by each DISK share found (shared printers are not included) are output to a ' file "sharestats.txt" in the current script directory; for example an entry ' for a computer with two shared folders appears as: ' \\machine1 ' VPHOME ' VPLOGON ' ' Also, a more detailed file, "logexists.txt" is generated simultaneously, ' which reports the results of: ' (a) whether a specific file, specified by the "seek" variable, is present ' (there "seek" can contain a path as well as the file sought). The ' purpose of the "seek" test is to search for viral infector files, or ' specific files indicating certain share status .. for example, autoexec.bat ' would indicate high probabability of a share being a shared system drive ' folder on Win95. If the "seek" file is found, it is printed immediately ' below the share name in the logexists.txt file (using a simple redirect ' of a DOS dir /b command. Only a single "seek" item is implemented, but ' extending to multiple "seek" items is a possible extension. ' (b) whether an attempted text-file write operation succeeds or fails on each ' network share. The "calling card" file, "$$avertshare.txt" is generated ' dynamically by the script, and contains the scan start-time as well as ' contact information. ' This file-write to the network share is implemented using a ' simple network copy file command: ' copy /y callingcard.txt \\computername\sharename ' where the output of the command again is redirected to the log file. ' ' (A temporary file, "tempout.txt" is generated holding the redirected results of: ' "net view \\computer" which is parsed and analysed for parts (a) and (b) above). ' ' ' A typical entry in "logexists.txt", for a computer containing 2 shared folders, ' one containing the "seek" file autoexec.bat, and both shares writeable: ' \\somecomputer ' C ' AutoExec.bat ' 1 file(s) copied. ' D ' 1 file(s) copied. ' ' (shares where the file-write attempt fails reports "0 file(s) copied") ' ' --------- Summary of Files Generated Dynamically by this Script ----------- ' somedomain.txt -- Raw redirected output of net view //DOMAIN:somedomain. ' mach_somedomain.txt -- Filtered output with ONLY \\machine entires (no details). ' sharestats.txt -- Listing of all \\machine and visible shares (date stamped). ' logexists.txt -- Analysis file showing \\machine and redirected results of: ' dir /b \\machine\share\seek ' copy /y callcardpath \\machine\share ' (/b == "bare bones" listing; no stdio if file not found) ' (/y == "suppress prompting" for overwriting existing file) ' ' tempout.txt -- Temporary file containing output of net view \\machine ' ' $$avertshare.txt -- "Calling Card" file, (autogenerated) to test-write ' to shared network folders. ' '*********************************************************************************** Option Explicit Dim wshShell, fso, scriptpath Dim domains, domain, filename, inStream, outfile, outStream, tempinStream Dim i, LineOfText, LineofTempText Dim gennetviewlist, genmachinelist, genstatslist, statuswindows Dim runcommand, tempfilepath, sharename, sharefile, logfileexist, UNCname Dim infile, seek, callcardpath Dim infiles() Const ForWriting = 2 statuswindows = True ' display interim Echo windows? gennetviewlist = True ' get the net view /Domain:domain listing genmachinelist = False ' parse each entry in net view listing to just \\unc data genstatslist = False ' analyze the data in specific unc listing file for specific path ' ***** Edit the following line ***** domains = Array("your domain names", "in quotes go here", "another one", "etc." ) ' list of Domains to scan Redim infiles(Ubound(domains)) For i=0 TO Ubound(domains) ' generate Array of listing file names. infiles(i) = domains(i) & ".txt" NExt Set WshShell = CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") scriptpath = fso.GetParentFolderName(WSCript.ScriptFullName) '-------- (1) Generate net view /Domain:domain listing files ------------- If gennetviewlist Then For Each domain In domains runcommand = "%comspec% /C net view /DOMAIN:" & domain & " >" & scriptpath & "\" & domain & ".txt" WshShell.Run runcommand, 0, True Next IF statuswindows then WScript.Echo "Finished generating net view /DOMAIN:xxxx listings" End If '-------- (2) Output Simple UNC-list Files ------------- If genmachinelist Then For Each filename In infiles infile = scriptpath & "\" & filename outfile = scriptpath & "\" & "mach_" & filename If fso.FileExists(infile) Then Set inStream = fso.OpenTextFile(infile) Set outStream = fso.openTextFile(outfile, ForWriting, True) Do While Not (inStream.atEndOfStream) LineOfText = inStream.ReadLine If Instr(LineOfText, "\\")<>0 then outStream.WriteLine Trim(Mid(LineOfText,1,22)) End If Loop Else WScript.Echo "File " & infile & " not found" End If Next IF statuswindows then WScript.Echo "Finished Generating Simple UNC machine lists" End If '-------- (3) Generate Ouput Stats Files (sharestats.txt, logexists.txt) ------------- if genstatslist Then ' ------ File Containing Pure UNC names to be scanned (in current script directory)------ ' infile = "mach_domain1.txt" infile = "mach_domain2.txt" ' infile = "mach_domain3.txt" ' --------------------------------------------------------------------------------------- ' Path to seek file below share name; file may contain wildcards. seek = "autoexec.bat" ' seek = "windows\_setup.exe" ' seek = "windows\system\explore.exe" ' seek = "winnt\system32\explore.exe" ' seek = "windows\system\flcss.exe" sharefile = "sharestats.txt" 'Save *visible* Disk shares for all computers here. logfileexist = "logexists.txt" 'Save results of search on "seek" path. tempfilepath = scriptpath & "\tempout.txt" ' temp file to store net view \\unc\sharename output. callcardpath = scriptpath & "\$$avertshare.txt" ' Calling card file to write to shared-writeable folders. ' create the calling card file. Set outStream = fso.OpenTextFile(callcardpath, ForWriting, True) outStream.Write Now & vbCrLf ' append the date×tamp ' ***** Edit the following line ***** outStream.Write "Share-Aware scan" & vbCrLf & "--- Avert Team: http://virus.your.domain" outStream.close Set inStream = fso.OpenTextFile(scriptpath & "\" & infile) Set outStream = fso.OpenTextFile(scriptpath & "\" & sharefile, ForWriting, True) outstream.WriteLine "----- Visible File Shares for: " & infile & " -----" ' Header Information outStream.WriteLine "Start: " & Now & vbCrLf 'Time/Date stamp at start of scan. runcommand = "%comspec% /C net view " WshShell.Run "%comspec% /C echo Analysis of " & infile & " for " & seek & " " & Now & " >" & logfileexist, 0, True 'Generate logexists.txt WshShell.Run "%comspec% /C echo. >>" & logfileexist, 0, True 'Generate logexists.txt Do While Not (inStream.atEndOfStream) ' read in list of UNC machine names. LineOfText = inStream.ReadLine If Instr(LineOfText, "\\")<>0 then ' make sure entries are correct UNC names. UNCname = Trim(LineofText) WshShell.Run "%comspec% /C echo " & UNCname & " >>" & logfileexist, 0, True ' Hide DOS window and wait WshShell.Run runcommand & UNCname & " >" & tempfilepath, 0, True ' generate net view output. outStream.WriteLine UNCname 'Write the computer UNC name to sharefile. Set tempinStream = fso.OpenTextFile(tempfilepath) Do While Not (tempinStream.atEndOfStream) LineOfTempText = tempinStream.ReadLine If Instr(LineOfTempText, " Disk ")<>0 then ' only record machine share names sharename = Trim(Left(LineofTempText, Instr(LineOfTempText, "Disk")-1)) ' parse it. outStream.WriteLine sharename WshShell.Run "%comspec% /C echo " & sharename & " >>" & logfileexist, 0, True sharename = """" & sharename & """" 'Properly handle share names with spaces WshShell.Run "%comspec% /C dir /b " & UNCname & "\" & sharename & "\" & seek & " >>" & logfileexist, 0, True WshShell.Run "%comspec% /C copy /y " & callcardpath & " " & UNCname & "\" & sharename & " >>" & logfileexist, 0, True End If Loop outStream.WriteLine ' separator for different computer results WshShell.Run "%comspec% /C echo. >>" & logfileexist, 0, True End If Loop outStream.WriteLine vbCrLf & "Finished: " & Now ' Output The Date/Time stamp at finish. WshShell.Run "%comspec% /C echo Finished: " & Now & " >>" & logfileexist, 0, True IF statuswindows then WSCript.Echo "Finished Network Scan using " & infile & ". Seeking: Share\" & seek End If WScript.Echo "ParseMach.vbs script finished at " & Now '---------------------------- End Script ------------------------------------------------------------