NBTSCAN: scanning IP networks for NetBIOS name information

During penetration testing it is often necessary to search the network for something interesting, especially when we are in a workstation segment. For example, we may look for the workstations of specific users whose positions imply elevated privileges. Why do this? For example, to carry out a narrowly targeted MITM attack or to find vulnerabilities in individual workstations or servers.

PC names can help in this search. To learn the names of most PCs and other devices, you can use the NetBIOS protocol and the nbtscan tool.

Nbtscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).

nbtscan 192.168.1.1/24

The output is a list of IP addresses and NetBIOS names.
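
What a host discloses in reply to the status query described above can be seen by decoding the response itself. The following is an added example, not part of the original article or of nbtscan: a Python parser for the RFC 1002 node status response, run on a constructed packet (the host name WS-FINANCE01, the group CORP and the MAC address are made up).

```python
import struct

# Meaning of the 16th name byte (suffix) for the most common registrations.
SUFFIXES = {0x00: "Workstation", 0x03: "Messenger", 0x20: "File Server"}

def parse_node_status(pkt: bytes) -> dict:
    """Parse an RFC 1002 node status (NBSTAT) response into names and MAC."""
    if len(pkt) < 57:
        raise ValueError("too short for a node status response")
    _tid, flags, _qd, ancount = struct.unpack_from(">HHHH", pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response")
    # 12-byte header, then the 34-byte encoded name (no compression assumed).
    rr_type, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", pkt, 46)
    if pkt[12] != 0x20 or rr_type != 0x0021:
        raise ValueError("not an NBSTAT record")
    count = pkt[56]
    end = 57 + count * 18  # each name entry: 15-byte name, suffix, 2-byte flags
    if rdlen < 1 + count * 18 + 6 or len(pkt) < end + 6:
        raise ValueError("truncated name table")
    names = []
    for off in range(57, end, 18):
        raw, suffix, nflags = struct.unpack_from(">15sBH", pkt, off)
        names.append({
            "name": raw.decode("ascii", "replace").rstrip(),
            "suffix": suffix,
            "kind": SUFFIXES.get(suffix, "other"),
            "group": bool(nflags & 0x8000),  # G bit: group name, not a host
        })
    mac = ":".join(f"{b:02x}" for b in pkt[end:end + 6])  # unit ID field
    return {"names": names, "mac": mac}

def build_sample() -> bytes:
    """Constructed response for a made-up host WS-FINANCE01 in group CORP."""
    table = [(b"WS-FINANCE01", 0x00, 0x0400), (b"CORP", 0x00, 0x8400),
             (b"WS-FINANCE01", 0x20, 0x0400)]
    rdata = bytes([len(table)])
    for name, suffix, nflags in table:
        rdata += struct.pack(">15sBH", name.ljust(15), suffix, nflags)
    rdata += bytes.fromhex("020000aabbcc") + bytes(40)  # unit ID + other statistics
    header = struct.pack(">HHHHHH", 0x0001, 0x8400, 0, 1, 0, 0)
    rr_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"  # encoded wildcard name "*"
    return header + rr_name + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(rdata)) + rdata

if __name__ == "__main__":
    print(parse_node_status(build_sample()))
```

A host with NetBIOS over TCP/IP disabled does not answer the status query on UDP port 137, so none of these fields are exposed.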