findsmb

findsmb [options]

-r <retries>
    Sets the number of retries for queries to find SMB hosts.

-t <timeout>
    Sets the timeout in seconds for each query to find SMB hosts.

-b <broadcast_address>
    Specifies a particular broadcast address to use instead of the default.

-W <workgroup>
    Specifies the workgroup or domain to which the query should be directed.

-U <username>
    Specifies a username for authentication when connecting to discovered shares. Required for protected shares.

-p <password>
    Specifies the password for authentication. Caution: Using this on the command line is insecure due to clear text visibility.

-N
    Suppresses the password prompt, useful for scripting or when no password is required.

-L
    Lists only detected servers, suppressing the enumeration of their individual shares for a more concise output.

-v
    Enables verbose output, providing more detailed information about the discovery process and detected entities.

findsmb is a utility included with the Samba suite, designed to discover SMB/CIFS (Server Message Block/Common Internet File System) hosts and their available shares on a local network segment. It operates by sending broadcast queries (or targeted queries if specified) to identify active SMB servers.

Upon discovery, findsmb attempts to retrieve and display valuable information such as the server's IP address, NetBIOS name, workgroup or domain affiliation, and a list of shared resources. This command is particularly useful for network administrators and users for various tasks including network auditing, identifying potential security vulnerabilities (e.g., unintentionally open shares), troubleshooting connectivity issues, or simply gaining an overview of available SMB/CIFS services within a given network environment. It provides a quick and straightforward way to assess SMB presence without requiring deeper interaction with each individual server.

findsmb primarily relies on network broadcasts for discovery, which may not traverse routed networks or VPNs without specific configurations.
Firewalls configured to block SMB/CIFS (ports 137, 138, 139, 445) can prevent successful host and share discovery.
Providing sensitive information like passwords directly on the command line using -p is a security risk.
The command might report shares that are not accessible due to permissions or authentication requirements if credentials are not provided.

By default, findsmb outputs a tabular view, typically showing the IP address, NetBIOS name, workgroup/domain, and then a list of all discovered shares for each server. If shares are not accessible or permissions prevent enumeration, they might still be listed as 'disk' or 'IPC$'.
Example output structure:
IP ADDRESS NETBIOS NAME WORKGROUP OS SERVER
-----------------------------------------------------------------------------
192.168.1.100 MYSERVER MYWORKGROUP Unix Samba 4.x.x
Sharename Type Comment
--------- ---- -------
myshare Disk My shared folder
print$ Printer Printer Drivers

The most common way to use findsmb is simply by running it without any options to discover all SMB/CIFS hosts and shares on the current local broadcast domain: findsmb

To list only servers without enumerating shares, for a quicker overview: findsmb -L

findsmb is an integral part of the Samba project, which was initiated by Andrew Tridgell in 1992. As the SMB/CIFS protocol evolved, so did the Samba suite and its accompanying utilities. findsmb has consistently served as a foundational tool for network discovery, enabling users to quickly survey SMB/CIFS resources on their local network. Its development has mirrored the broader advancements in Samba, focusing on efficiency, compatibility, and providing a convenient command-line interface for network introspection.

nmblookup(1), smbclient(1), smbstatus(1), mount.cifs(8), samba(7)