WSPSEARCH(1) | User Commands | WSPSEARCH(1) |
NAME¶
wspsearch - Run Windows Search Protocol searches against a SMB server
SYNOPSIS¶
wspsearch {//server/share} [--limit=results] [--search=phrase] [--kind=KIND] [--query=QUERY] [-?|--help] [--usage] [-d|--debuglevel=DEBUGLEVEL] [--debug-stdout] [-s|--configfile=CONFIGFILE] [--option=name=value] [-l|--log-basename=LOGFILEBASE] [--leak-report] [--leak-report-full] [-R|--name-resolve=NAME-RESOLVE-ORDER] [-O|--socket-options=SOCKETOPTIONS] [-m|--max-protocol=MAXPROTOCOL] [-n|--netbiosname=NETBIOSNAME] [--netbios-scope=SCOPE] [-W|--workgroup=WORKGROUP] [--realm=REALM] [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]] [-N|--no-pass] [--password=STRING] [--pw-nt-hash] [-A|--authentication-file=FILE] [-P|--machine-pass] [--simple-bind-dn=DN] [--use-kerberos=desired|required|off] [--use-krb5-ccache=CCACHE] [--use-winbind-ccache] [--client-protection=sign|encrypt|off]
DESCRIPTION¶
This tool is part of the samba(1) suite.
wspsearch is a simple utility to run Windows Search Protocol searches against a SMB server that has the WSP service enabled.
OPTIONS¶
server
sharename
--query
Basic (AQS) syntax is supported (See SEE ALSO). A query consists of a sequence of queries connected by AND, OR and NOT boolean operators. The query elements are essentially restrictions defined by a property. There are some limitations on the operators supported and some types of properties like enumerated ranges are not supported at all. Additionally syntactically range values are not delimited as specified by AQS (ranges are instead specified as value-value). Some special cases that you see in the windows search UI (for example sizes like 'tiny', 'small', 'large' etc.) are exceptions which are handled more or less as keywords. See EXAMPLES.
--search=phrase
--kind=KIND
--limit
-?|--help
--usage
-d|--debuglevel=DEBUGLEVEL
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the /etc/samba/smb.conf file.
--debug-stdout
--configfile=<configuration file>
--option=<name>=<value>
-l|--log-basename=logdirectory
--leak-report
--leak-report-full
-V|--version
-U|--user=[DOMAIN\]USERNAME[%PASSWORD]
If %PASSWORD is not specified, the user will be prompted. The client will first check the USER environment variable (which is also permitted to also contain the password separated by a %), then the LOGNAME variable (which is not permitted to contain a password) and if either exists, the value is used. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used.
A third option is to use a credentials file which contains the plaintext of the username and password. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables. If this method is used, make certain that the permissions on the file restrict access from unwanted users. See the -A for more details.
Be cautious about including passwords in scripts or passing user-supplied values onto the command line. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with kinit.
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race.
-N|--no-pass
Unless a password is specified on the command line or this parameter is specified, the client will request a password.
If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used.
--password
Be cautious about including passwords in scripts or passing user-supplied values onto the command line. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with kinit.
If --password is not specified, the tool will check the PASSWD environment variable, followed by PASSWD_FD which is expected to contain an open file descriptor (FD) number.
Finally it will check PASSWD_FILE (containing a file path to be opened). The file should only contain the password. Make certain that the permissions on the file restrict access from unwanted users!
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race.
--pw-nt-hash
-A|--authentication-file=filename
username = <value> password = <value> domain = <value>
Make certain that the permissions on the file restrict access from unwanted users!
-P|--machine-pass
--simple-bind-dn=DN
--use-kerberos=desired|required|off
Note that specifying this parameter here will override the client use kerberos parameter in the /etc/samba/smb.conf file.
--use-krb5-ccache=CCACHE
This will set --use-kerberos=required too.
--use-winbind-ccache
--client-protection=sign|encrypt|off
Note that specifying this parameter here will override the client protection parameter in the /etc/samba/smb.conf file.
In case you need more fine grained control you can use: --option=clientsmbencrypt=OPTION, --option=clientipcsigning=OPTION, --option=clientsigning=OPTION.
EXAMPLES¶
Search using a basic phrase:
'wspsearch -Usomeuser%password //server/share --phrase="cats"'
Search using an AQS like query for a picture whose name starts with p403 or p404:
'wspsearch -Usomeuser%password //server/share --query="ALL:$<p403 OR ALL:$<p404 AND System.Kind:picture"'
SEE ALSO¶
Adanced Query Syntax https://learn.microsoft.com/en-gb/windows/win32/search/-search-3x-advancedquerysyntax
VERSION¶
This man page is part of version 4.21.1-git.372.cb50f2d0a68SUSE-oS16.9-x86_64 of the Samba suite.
AUTHOR¶
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
The wspsearch manpage was written by Noel Power.
10/31/2024 | Samba 4.21.1-git.372.cb50f2d0a6 |