Main arguments:

-H HOST

IP of host

--host-file FILE

File containing a list of hosts

-u USERNAME

Username, if omitted null session assumed

-p PASSWORD

Password or NTLM hash

-s SHARE

Specify a share (default C$), ex 'C$'

-d DOMAIN

Domain name (default WORKGROUP)

-P PORT

SMB port (default 445)

Command Execution:

Options for executing commands on the specified host

-x COMMAND

Execute a command ex. 'ipconfig /all'

Filesystem Search:

Options for searching/enumerating the filesystem of the specified host

-L

List all drives on the specified host

-R [PATH]

Recursively list dirs, and files (no share\path lists ALL shares), ex. 'C$\Finance'

-r [PATH]

List contents of directory, default is to list root of all shares, ex. -r 'C$\Documents and Settings\Administrator\Documents'

-A PATTERN

Define a file name pattern (regex) that auto downloads a file on a match (requires -R or -r), not case sensitive, ex '(web|global).(asax|config)'

-q

Disable verbose output. Only shows shares you have READ/WRITE on, and suppresses file listing when performing a search (-A).

--depth DEPTH

Traverse a directory tree to a specific depth

File Content Search:

Options for searching the content of files

-F PATTERN

File content search, -F '[Pp]assword' (requries admin access to execute commands, and powershell on victim host)

--search-path PATH

Specify drive/path to search (used with -F, default C:\Users), ex 'D:\HR\'

Filesystem interaction:

Options for interacting with the specified host's filesystem

--download PATH

Download a file from the remote system, ex.'C$\temp\passwords.txt'

--upload SRC DST

Upload a file to the remote system ex. '/tmp/payload.exe C$\temp\payload.exe'

--delete PATH TO FILE

Delete a remote file, ex. 'C$\temp\msf.exe'

--skip

Skip delete file confirmation prompt

Optional arguments:

-h, --help

show help message and exit