smb1_smb2_verify

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Filename: smb1_smb2_verify.py
# Version: 1.0.0
# Author: Jeoi Reqi

"""
This script verifies the status of SMB1 and SMB2 protocols on the system.

Requirements:
    - Python 3.x
    - Access to the Windows Registry (for SMB1 verification)
    - PowerShell (for SMB2 verification)

Usage:
    - Run the script in a terminal or command prompt.

Additional Notes:
    - SMB1 and SMB2 are network communication protocols used by Windows operating systems for sharing files, printers, and other resources over a network.
    - Enabling SMB1 exposes the system to potential vulnerabilities such as EternalBlue, a cyberattack exploit developed by the U.S. National Security Agency (NSA) that targets Microsoft Windows operating systems.
    - Disabling SMB1 and SMB2 reduces the risk of exploitation by known vulnerabilities.
    - This script provides a warning if both SMB1 and SMB2 protocols are enabled, indicating a high risk of vulnerability to exploits such as EternalBlue.

Known exploits that use EternalBlue attack methods:
1. WannaCry
2. EternalRocks
3. Petya
4. NotPetya
5. Bad Rabbit
6. TrickBot
7. Emotet
8. Ryuk
9. GandCrab
10. SamSam
11. Smominru
12. RobbinHood
13. Dharma
"""

import subprocess

def verify_smb1_status():
    """
    Verify the status of SMB1 protocol.

    This function checks whether SMB1 protocol is enabled or disabled on the system.

    Returns:
        bool or None: True if SMB1 is enabled, False if SMB1 is disabled,
                      None if the status cannot be determined.
    """
    try:
        # Check the value of the SMB1 registry key
        result = subprocess.run(
            [
                "reg",
                "query",
                "HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters",
                "/v",
                "SMB1",
            ],
            capture_output=True,
            text=True,
        )
        if "SMB1    REG_DWORD    0x1" in result.stdout:
            print(
                "\nSMB1 is enabled. \n\t\t:: ⚠️ Warning ⚠ ::\n\n\t- Enabling SMB1 exposes your system to potential vulnerabilities such as EternalBlue.\n"
            )
            return True
        elif "SMB1    REG_DWORD    0x0" in result.stdout:
            print("\nSMB1 is disabled.\n")
            return False
        else:
            print(
                "\nSMB1 status could not be determined or registry key not found on the system.\n"
            )
            return None
    except subprocess.CalledProcessError as e:
        print("\nAn error occurred while checking SMB1 status:", e.stderr)
        return None


def verify_smb2_status():
    """
    Verify the status of SMB2 protocol.

    This function checks whether SMB2 protocol is enabled or disabled on the system.

    Returns:
        bool or None: True if SMB2 is enabled, False if SMB2 is disabled,
                      None if the status cannot be determined.
    """
    result = subprocess.run(
        [
            "powershell",
            "-Command",
            '$SMB2Enabled = (Get-SmbServerConfiguration).EnableSMB2Protocol; if ($SMB2Enabled) { Write-Output "SMB2 is enabled" } else { Write-Output "SMB2 is disabled" }',
        ],
        capture_output=True,
        text=True,
    )
    if "SMB2 is enabled" in result.stdout:
        return True
    elif "SMB2 is disabled" in result.stdout:
        return False
    else:
        return None


if __name__ == "__main__":
    smb1_enabled = verify_smb1_status()
    smb2_enabled = verify_smb2_status()

    if smb1_enabled is True and smb2_enabled is True:
        print(
            "\n⚠️ Warning: Both SMB1 and SMB2 are enabled!\nYour system is at high risk due to vulnerabilities such as EternalBlue.\n"
        )
    else:
        print("\nNo vulnerability to EternalBlue exploits detected.\n")