Scan Intranet for Windows PCs missing MS17-010 / WannaCry / NSA ETERNALBLUE patches
So you have used all your tricks to get the MS17-010 fix deployed, but how do you confirm that every forgotten PC on your network is actually patched?
We'll scan our intranet with Metasploit, checking for this particular vulnerability. PCs whose local firewall blocks SMB traffic will be missed, but those are not exploitable anyway, because of that same firewall.
- Install virtual machine with Ubuntu 16.04 Server: http://releases.ubuntu.com/16.04/ubuntu-16.04.2-server-amd64.iso
- You can use the defaults during install, but it's recommended to enable OpenSSH Server for remote access over the LAN
- After the install is complete, log in using the account you created during install
- Switch to root
sudo su -
- Apply the latest bugfixes and reboot
apt-get update && apt-get -y dist-upgrade && reboot
- After the reboot, log in and switch to root
sudo su -
- Install latest Metasploit nightly
cd /tmp
wget -O msfinstall https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb
chmod a+x msfinstall
./msfinstall
- After the install is complete, launch Metasploit
msfconsole
- Select the module, set the IP subnet to scan and the number of parallel connections, and GO
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 10.0.0.0/24
set THREADS 30
run
And that's about it. You'll soon know how vulnerable you still are.
[-] 10.0.0.54:445 - Host does NOT appear vulnerable.
[-] 10.0.0.10:445 - Host does NOT appear vulnerable.
[+] 10.0.0.92:445 - Host is likely VULNERABLE to MS17-010! (Windows Server 2008 R2 Standard 7601 Service Pack 1)
[-] 10.0.0.100:445 - Host does NOT appear vulnerable.
[-] 10.0.0.250:445 - Host does NOT appear vulnerable.
P.S. To save Metasploit output to a file, use the command "spool /root/mylog.txt" before typing "run".
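Once the spool file exists, the next thing you want is a remediation list rather than a wall of console lines. The following Python helper is an added example for this post, not part of the original article or of Metasploit itself: it writes an msfconsole resource script that repeats the manual session above unattended (run it with "msfconsole -r scan.rc"), parses the spool output using the two result-line shapes shown above (that format is an assumption taken from the sample output on this page), and also lists the addresses in the subnet that produced no verdict at all, which is exactly the set of firewalled or offline PCs the scan cannot vouch for. The sample spool content is constructed from the five lines above.

```python
import ipaddress
import re

# Constructed sample: the five result lines shown above, as they would land in
# the spool file. As a precaution the parser strips ANSI colour codes, in case
# the console colouring ends up in the file.
SAMPLE_SPOOL = """\
[-] 10.0.0.54:445 - Host does NOT appear vulnerable.
[-] 10.0.0.10:445 - Host does NOT appear vulnerable.
[+] 10.0.0.92:445 - Host is likely VULNERABLE to MS17-010! (Windows Server 2008 R2 Standard 7601 Service Pack 1)
[-] 10.0.0.100:445 - Host does NOT appear vulnerable.
[-] 10.0.0.250:445 - Host does NOT appear vulnerable.
"""

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")
# Assumed line formats, copied from the sample output on this page.
VULN_RE = re.compile(
    r"^\[\+\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-\s+"
    r"Host is likely VULNERABLE to MS17-010!(?:\s+\((?P<banner>[^)]*)\))?"
)
PATCHED_RE = re.compile(
    r"^\[-\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-\s+"
    r"Host does NOT appear vulnerable\."
)


def build_resource_script(subnet, threads, spool_path):
    """Contents of an msfconsole resource script (run with `msfconsole -r scan.rc`)
    that repeats the manual session above and exits when the scan is done."""
    return "\n".join([
        f"spool {spool_path}",
        "use auxiliary/scanner/smb/smb_ms17_010",
        f"set RHOSTS {subnet}",
        f"set THREADS {threads}",
        "run",
        "spool off",
        "exit",
        "",
    ])


def parse_spool(text):
    """Split spool output into hosts flagged vulnerable and hosts reported patched."""
    vulnerable, patched = [], []
    for raw in text.splitlines():
        line = ANSI_RE.sub("", raw).strip()
        m = VULN_RE.match(line)
        if m:
            vulnerable.append({"host": m["host"], "port": int(m["port"]),
                               "banner": m["banner"] or ""})
            continue
        m = PATCHED_RE.match(line)
        if m:
            patched.append(m["host"])
    return {"vulnerable": vulnerable, "patched": patched}


def unaccounted_hosts(subnet, result):
    """Addresses in the scanned subnet with no verdict at all: the firewalled
    or offline PCs that still need checking by other means (e.g. WSUS/SCCM)."""
    seen = {h["host"] for h in result["vulnerable"]} | set(result["patched"])
    return [str(ip) for ip in ipaddress.ip_network(subnet).hosts() if str(ip) not in seen]


def remediation_report(subnet, text):
    """One summary line, then one 'PATCH NOW' line per vulnerable host."""
    result = parse_spool(text)
    lines = [f"{len(result['vulnerable'])} vulnerable, {len(result['patched'])} patched, "
             f"{len(unaccounted_hosts(subnet, result))} with no verdict in {subnet}"]
    for h in result["vulnerable"]:
        lines.append(f"  PATCH NOW: {h['host']}  {h['banner']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_resource_script("10.0.0.0/24", 30, "/root/mylog.txt"))
    print(remediation_report("10.0.0.0/24", SAMPLE_SPOOL))
```

The "no verdict" count is the number to watch over time: on a /24 with only five answering hosts it is large, and every address in that list is a PC the scan says nothing about, not a PC that is safe.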