.TH NAT 1
.SH NAME
smb-nat - NetBIOS Auditing Tool
.SH SYNOPSIS
smb-nat [-d <\fBdebuglevel\fP>] [-o <\fBoutput\fP>] [-u <\fBuserlist\fP>] [-p <\fBpasslist\fP>] \fB<address>\fP
.SH DESCRIPTION
.PP
\fBsmb-nat\fP is a tool written to perform various security checks on systems
offering the NetBIOS file sharing service.  \fBsmb-nat\fP will attempt to retrieve
all information availible from the remote server, and attempt to access any
services provided by the server.
.SH OPTIONS
.IP \fB-o\fP
Specify the \fBoutput\fP file.  All results from the scan will be written to
the specified file, in addition to standard output.
.IP \fB-u\fP
Specify the file to read \fBusernames\fP from.  Usernames will be read from
the specified file when attempting to guess the password on the remote server.
Usernames should appear one per line in the specified file.
A sample username file can be found at \fB/usr/share/smb-nat/userlist.txt\fP.
.IP \fB-p\fP
Specify the file to read \fBpasswords\fP from.  Passwords will be read from
the specified file when attempting to guess the password on the remote server.
Passwords should appear one per line in the specified file.
A sample password file can be found at \fB/usr/share/smb-nat/passlist.txt\fP.
.IP \fB<address>\fP
Addresses should be specified in comma deliminated format, with no spaces.
Valid address specifications include:

hostname - "hostname" is added

127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3

127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3

127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3, 127.0.0.7,
127.0.0.10 through 127.0.0.20.

hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through 127.0.0.1

All combinations of hostnames and address ranges as specified above are valid.
.PP
If no userlist or password list files are specified on the command line,
a small set of defaults are used.  This list includes the following:

  \fBUsernames\fP

  "ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL"

  \fBPasswords\fP

  "ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD", "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST", "ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL"

The password guessing routines are written in such a way that all passwords are
tried for all usernames.  Keep this in mind when using larger lists of passwords
and usernames, as the time required increases exponentially with the size of
these lists.
.SH SUPPORTED PLATFORMS
This version of \fBsmb-nat\fP has been tested against Windows NT 4.0 and various
versions of the Samba server written by Andrew Tridgell.
.PP
This version of \fBsmb-nat\fP has been tested and compiled on the following
operating systems:
\fBSolaris\fP 2.5,
\fBLinux\fP 2.0,
\fBFreeBSD\fP 2.1.5,
\fBOpenBSD\fP 2.0,
\fBBSDI\fP 2.1,
\fBWindows NT\fP 4.0,
\fBWindows 95\fP

.SH FILES
\fBsmb-nat\fP, \fB/usr/share/smb-nat/userlist.txt\fP, \fB/usr/share/smb-nat/passlist.txt\fP