Description
Scans targets for CVE-2020-0796 (SMBGhost). Probes SMBv3 COMPRESSION_CAPABILITIES negotiate context to detect unpatched Windows 10 1903–2004 (builds 18362–19041). Optionally sends crash trigger packets.
Overview
Scans one or more hosts for CVE-2020-0796 (SMBGhost) by probing whether they advertise SMBv3 compression support via the COMPRESSION_CAPABILITIES negotiate context. This is a reliable indicator of a vulnerable and unpatched build.
Affected builds: Windows 10 1903/1909/2004 and Windows Server 2019 without KB4551762.
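The check described above, as an added example that is not the module's own code: a Python parser that walks the negotiate contexts of an SMB2 NEGOTIATE response and reports any COMPRESSION_CAPABILITIES algorithms. Field offsets follow the MS-SMB2 layout; `parse_negotiate_response` and `build_sample` are hypothetical names, and the sample message is constructed, not captured.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
CTX_COMPRESSION = 0x0003  # SMB2_COMPRESSION_CAPABILITIES context type
ALGS = {1: "LZNT1", 2: "LZ77", 3: "LZ77+Huffman", 4: "Pattern_V1"}

def parse_negotiate_response(msg: bytes) -> dict:
    """Parse an SMB2 NEGOTIATE response (no 4-byte transport length prefix)."""
    if len(msg) < 128 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 NEGOTIATE response")
    if struct.unpack_from("<H", msg, 12)[0] != 0:  # header Command must be NEGOTIATE
        raise ValueError("unexpected SMB2 command")
    # Body starts at 64: DialectRevision at +4, NegotiateContextCount at +6.
    dialect, ctx_count = struct.unpack_from("<HH", msg, 68)
    off = struct.unpack_from("<I", msg, 124)[0]  # NegotiateContextOffset, from header start
    result = {"dialect": dialect, "compression": []}
    if dialect != 0x0311:
        return result  # negotiate contexts exist only in SMB 3.1.1
    for _ in range(ctx_count):
        if off + 8 > len(msg):
            raise ValueError("truncated negotiate context header")
        ctx_type, data_len = struct.unpack_from("<HH", msg, off)
        data = msg[off + 8:off + 8 + data_len]
        if len(data) != data_len:
            raise ValueError("truncated negotiate context data")
        if ctx_type == CTX_COMPRESSION:
            # Data: AlgorithmCount(2) Padding(2) Flags(4) Algorithms(2 each)
            if data_len < 8:
                raise ValueError("short compression context")
            count = struct.unpack_from("<H", data, 0)[0]
            if 8 + 2 * count > data_len:
                raise ValueError("algorithm count exceeds context length")
            algs = struct.unpack_from(f"<{count}H", data, 8)
            result["compression"] = [ALGS.get(a, hex(a)) for a in algs if a != 0]
        off = (off + 8 + data_len + 7) & ~7  # next context is 8-byte aligned
    return result

def build_sample(with_compression: bool) -> bytes:
    """Constructed sample response (not a capture) for exercising the parser."""
    ctxs = [(0x0001, struct.pack("<HHH", 1, 32, 1) + bytes(32))]  # preauth: SHA-512 + salt
    if with_compression:
        ctxs.append((CTX_COMPRESSION, struct.pack("<HHIH", 1, 0, 0, 1)))  # LZNT1 only
    msg = SMB2_MAGIC + struct.pack("<H", 64) + bytes(58)  # 64-byte header, Command = 0
    msg += struct.pack("<HHHH", 65, 1, 0x0311, len(ctxs)) + bytes(52) + struct.pack("<I", 128)
    for ctype, data in ctxs:
        msg += bytes(-len(msg) % 8) + struct.pack("<HHI", ctype, len(data), 0) + data
    return msg
```

The result reflects only what the server advertises in its response; pair it with a KB4551762 patch inventory check before treating a host as exposed.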
Arguments
| Parameter | Type | Required | Description |
|---|---|---|---|
| Targets | string[] | Yes | IP addresses or hostnames to scan. |
| Port | int | No | SMB port. Default: 445. |
| TriggerCrash | bool | No | If true, sends crash trigger packets after a positive check. WARNING: causes immediate BSOD on the target. Default: false. |
Dependencies
- smb
Operating Systems
- Windows
Example Text Output
```
ComputerName Vulnerable Triggered Error
------------ ---------- --------- -----
10.0.0.50    True       False
10.0.0.51    False      False
```
