Eternal Blues – Versions & Reporting


Version Date Size Notes SHA-256 (latest) July 25, 2017 886 KB Increased timeout (for slow networks)

Removed “Are you sure” button before exit

7f5f447fe870449a8245e7abc19b9f4071095e02813d5f42c622add56da15b8b July 10, 2017 1.43 MB Added host name column for better analysis 21cc36e60e661613f0c05e73b9496bf2d456931686b0693112842d91d7e64e78 July 6, 2017 1.43 MB Some GUI fixes 7a08f7010402e2813830c77be1e992f6193f5c1ea97b76fbe706c2090ba66cb3 July 3, 2017 1.42 MB Some GUI fixes 1e6fc5078edd00a8ecedcbd2e2054a769610bfacce81b22f1285a7e14dbeacb0 July 2, 2017 1.42MB Vulnerability detection fix 952feb69a311e0a7602b65b0e981364bc2f0d79bb7af79ea342234c28b6df099 June 29, 2017 1.42MB First versions N/A

Privacy & Reporting

Anonymous statistics are being sent to every time Eternal Blues starts a scan or when it is finished. Your privacy is a top concern of mine.

Below described the information being collected  (each new version includes all the previous collected data) –

    • Eternal Blues version
    • Random ID
      • Generated with each new launch of the application. It is used for my own debugging – to see if a scan started but did not end (or ended with different number of hosts). Launching twice by the same user/host will result with a different random number
    • # of scanned IPs
    • # of vulnerable IPs
    • # of responsive IPs
  • and later
    • # of IPs with SMBv1 enabled

Some other metadata is being appended by default with Google Analytics, like time of scan & country.

I don’t know about your IP, don’t care about it and frankly, quite glad not to know anything about it in order to completely eliminate any unnecessary privacy/legal issues.

What’s not being collected?

User names, host names, IP addresses, domain name. It is really none of my interest.
Two scans taken by the same user & computer cannot be correlated (the only common data is the fact they share the same country)

Why collecting data at all?

Understanding how the world’s EternalBlue vulnerability (and SMBv1) posture really looks like, is a great interest to me and actually to many more in the cyber security ecosystem. I doubt if anyone has good visibility for that. Not sure even if Microsoft really knows the average ratio of hosts with SMBv1 enabled in a standard network is.

Stats are coming soon.
July 10 teaser: More than 7 million IPs were scanned so far. PowerBI is coming…

Here they are 😉

2 thoughts on “Eternal Blues – Versions & Reporting”

  1. This is great stats! Two questions:
    1. Do you determine a host is vulnerable if it has SMBv1 enabled *and* not patched with the latest Microsoft updates that addressed the EternalBlue vulns?

    2. Does your tool collect OS versions of the scanned machines? If yes, would you please publish the OS version data?


Leave a Reply

Your email address will not be published.