It is good to scan the devices with nmap and run some scripts to find out if an application on the target machine is vulnerable. This is the location of those scripts in case you want to see what scripts to use:




I run nmap to a specific port on smb and got this:


root@kali:~# nmap -script "smb-v*" -p445

Starting Nmap 7.70 ( ) at 2019-01-29 18:25 CST

Nmap scan report for

Host is up (0.020s latency).



445/tcp open microsoft-ds


Host script results:

|_smb-vuln-ms10-054: false

|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

| smb-vuln-ms17-010:


|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)

|     State: VULNERABLE

|     IDs: CVE:CVE-2017-0143

|     Risk factor: HIGH

|       A critical remote code execution vulnerability exists in Microsoft SMBv1

|       servers (ms17-010).


|     Disclosure date: 2017-03-14

|     References:





Nmap done: 1 IP address (1 host up) scanned in 5.90 seconds