Skip to content
Nuclei Templates

SMB v1 Protocol Enabled

ID: smb-v1-enabled

Severity: critical

Author: princechaddha

Tags: windows,smb,network,protocol,code,windows-audit

Description

Section titled “Description”

Detects if SMB v1 protocol is enabled, which is vulnerable to numerous exploits.

YAML Source

Section titled “YAML Source”
id: smb-v1-enabled


info:
  name: SMB v1 Protocol Enabled
  author: princechaddha
  severity: critical
  description: Detects if SMB v1 protocol is enabled, which is vulnerable to numerous exploits.
  impact: |
    SMB v1 is vulnerable to multiple attacks, including the infamous WannaCry ransomware.
  remediation: |
    Disable SMB v1 protocol to enhance the security of your system.
  tags: windows,smb,network,protocol,code,windows-audit


self-contained: true


code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      (Get-SmbServerConfiguration).EnableSMB1Protocol


    matchers:
      - type: word
        words:
          - "True"
# digest: 4b0a00483046022100ec7a4d00dca9aaec04dacb6360a1e4ac43cd5bf12d5220fe3e0cfd2834420732022100e753ea5c51bb82e13a24d65e62a730ff489be81c01baa544b0d1cc9813ed1634:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "code/windows/audit/smb-v1-enabled.yaml"

View on Github