This PowerShell script, written by our friend Rafael Montoya, lets you scan for open shares based on a list you provide or a subnet you enter. It processes hostnames or IP addresses and uses WMI to attempt a connection to the shares on each machine.

The script calls Get-WMIObject with the class Win32_ConnectionShare, and it can be modified to list more properties. The properties currently listed are PSComputerName, Name, Path and Description.

For subnets in CIDR notation, GET-IPRange lists the IP addresses in the subnet that was entered. For a /24 it lists all 254 usable addresses, and the script scans each of those IPs for an SMB share.
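
One way to expand an IPv4 CIDR block into its usable host addresses, as the paragraph above describes (254 for a /24). This is an added example, not code from Rafael Montoya's script: `Expand-CidrRange` and `-MaxHosts` are hypothetical names, and the script's own GET-IPRange may work differently.

```powershell
# Added illustration; Expand-CidrRange and -MaxHosts are hypothetical names,
# not taken from the script described in the post.
function Expand-CidrRange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Cidr,
        [long]$MaxHosts = 65536   # assumed safety limit against oversized ranges
    )

    $addr, $prefixText = $Cidr -split '/', 2
    $ip = $null
    # TryParse also accepts short forms such as "10.1", so require four octets.
    if (($addr -split '\.').Count -ne 4 -or
        -not [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -or
        $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not a dotted-quad IPv4 address: '$addr'"
    }
    $prefix = 0
    if (-not [int]::TryParse($prefixText, [ref]$prefix) -or $prefix -lt 0 -or $prefix -gt 32) {
        throw "Prefix length must be between 0 and 32: '$prefixText'"
    }

    # Fold the four network-order bytes into one integer (Int64 avoids sign issues).
    [long]$value = 0
    foreach ($b in $ip.GetAddressBytes()) { $value = $value * 256 + $b }

    [long]$size      = [math]::Pow(2, 32 - $prefix)
    [long]$network   = $value - ($value % $size)
    [long]$broadcast = $network + $size - 1

    # /31 (RFC 3021) and /32 have no separate network/broadcast address to skip.
    if ($prefix -ge 31) { $first = $network; $last = $broadcast }
    else                { $first = $network + 1; $last = $broadcast - 1 }

    if (($last - $first + 1) -gt $MaxHosts) {
        throw "$Cidr expands to more than $MaxHosts addresses"
    }

    for ([long]$n = $first; $n -le $last; $n++) {
        '{0}.{1}.{2}.{3}' -f (($n -shr 24) -band 255), (($n -shr 16) -band 255),
                             (($n -shr 8) -band 255), ($n -band 255)
    }
}

# Constructed sample input from the RFC 5737 documentation range.
$hosts = @(Expand-CidrRange -Cidr '192.0.2.0/24')
"{0} usable addresses, {1} to {2}" -f $hosts.Count, $hosts[0], $hosts[-1]
```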

The framework is basically a simple interface to both of these functions. It asks you to provide a CIDR or a file and, depending on which one you pick, runs the proper command to get the shares. The script outputs the results to a separate file that you have to specify; it appends to that file and writes only the shares that it finds.

All the code you need is here: GitHub