# Samba

## Basic scanning

```bash
nmap -T4 -A -p 445 -Pn --script "smb-* and not (brute or dos)" <ip>
```

Quote the script pattern so the shell does not glob it. A bare `smb-*` also pulls in `smb-brute` and `smb-flood` (the `brute` and `dos` categories), which are noisy, can lock accounts out and can knock the service over; drop the exclusion only when that is what you want.

## List shares with their permissions

```bash
smbmap -H <ip>                      # null session
smbmap -H <ip> -u <user> -p <pass>  # authenticated
```

Shares reported as `READ, WRITE` or `WRITE ONLY` are the ones to look at first.

crackmapexec does far more than list shares (spider them, pass-the-hash, dump SAM and LSA secrets, read the password policy with `--pass-pol`); run `crackmapexec smb --help`. CrackMapExec is no longer maintained; NetExec (`nxc`) is its continuation and takes the same arguments.

```bash
crackmapexec smb <ip> -u '' -p '' [-d <domain>] --shares
```

`-u '' -p ''` asks for a null session; `-d` is optional.
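Once you have the share listing, the useful question is which shares you can write to. The script below is an added example, not code from the original page or from smbmap; it parses `smbmap -H <ip>` output and separates readable from writable shares. The sample output, host name, IP, share names and the function names are all constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): turn `smbmap -H <ip>` output
# into a short list of the shares worth touching first.
set -eu

# Constructed smbmap-style output for offline use; the host, IP, share names
# and comments are made up. The Permissions column uses the values smbmap
# prints: NO ACCESS, READ ONLY, WRITE ONLY, READ, WRITE.
SAMPLE_SMBMAP='[+] IP: 10.10.10.10:445    Name: fs01.example.local
        Disk                 Permissions    Comment
        ----                 -----------    -------
        ADMIN$               NO ACCESS      Remote Admin
        C$                   NO ACCESS      Default share
        IPC$                 READ ONLY      Remote IPC
        NETLOGON             READ ONLY      Logon server share
        Public               READ, WRITE    Drop folder
        SYSVOL               READ ONLY      Logon server share
        backup               WRITE ONLY     Nightly dumps'

# shares_by_perm REGEX: read smbmap output on stdin and print
# "<share><TAB><permission>" for every share whose permission matches REGEX.
# The share name is taken as the first whitespace-delimited field, so share
# names containing spaces would need a stricter parser.
shares_by_perm() {
    awk -v want="$1" '
        match($0, /NO ACCESS|READ ONLY|WRITE ONLY|READ, WRITE/) {
            perm = substr($0, RSTART, RLENGTH)
            if (perm ~ want) print $1 "\t" perm
        }'
}

readable_shares() { shares_by_perm 'READ'  | cut -f1; }
writable_shares() { shares_by_perm 'WRITE' | cut -f1; }

# triage SMBMAP_OUTPUT: writable shares first (drop a payload, plant a .lnk,
# overwrite a script another host runs), then readable ones for loot hunting.
triage() {
    local w r
    w=$(printf '%s\n' "$1" | writable_shares | paste -sd, -)
    r=$(printf '%s\n' "$1" | readable_shares | paste -sd, -)
    printf 'WRITABLE: %s\nREADABLE: %s\n' "${w:-none}" "${r:-none}"
}

# Offline demo on the constructed sample. Against a real host:
#   smbmap -H <ip> | writable_shares
triage "$SAMPLE_SMBMAP"
```

The permission strings are matched anywhere on the line rather than by column position because smbmap pads the columns with a mix of spaces and tabs; the header and separator lines contain none of the four values and fall out on their own.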

## Gather more information, including users and the password policy

```bash
enum4linux <ip>
```

Run it with `-P` if you only want the password policy (lockout threshold and observation window); you need those numbers before any brute force.

## If authentication is required, brute-force a user's password with a wordlist

```bash
python smbrute.py -h <ip> -u <user> -P <password_dict> -f <share_name>
```

Stay under the lockout threshold from the password policy: with a common policy of 5 bad passwords in 30 minutes you get at most 4 guesses per user per window, and the counter has to reset before the next batch.