Versions
Version | Date | Size | Notes | SHA-256 |
---|---|---|---|---|
0.0.0.9 (latest) | July 25, 2017 | 886 KB | Increased timeout (for slow networks); removed “Are you sure” button before exit | 7f5f447fe870449a8245e7abc19b9f4071095e02813d5f42c622add56da15b8b |
0.0.0.8 | July 10, 2017 | 1.43 MB | Added host name column for better analysis | 21cc36e60e661613f0c05e73b9496bf2d456931686b0693112842d91d7e64e78 |
0.0.0.7 | July 6, 2017 | 1.43 MB | Some GUI fixes | 7a08f7010402e2813830c77be1e992f6193f5c1ea97b76fbe706c2090ba66cb3 |
0.0.0.6 | July 3, 2017 | 1.42 MB | Some GUI fixes | 1e6fc5078edd00a8ecedcbd2e2054a769610bfacce81b22f1285a7e14dbeacb0 |
0.0.0.5 | July 2, 2017 | 1.42 MB | Vulnerability detection fix | 952feb69a311e0a7602b65b0e981364bc2f0d79bb7af79ea342234c28b6df099 |
0.0.0.1-0.0.0.4 | June 29, 2017 | 1.42 MB | First versions | N/A |
Privacy & Reporting
Anonymous statistics are being sent to omerez.com every time Eternal Blues starts a scan or when it is finished. Your privacy is a top concern of mine.
The information being collected is described below (each new version also collects everything the previous versions did):
- 0.0.0.1-0.0.0.4
  - Eternal Blues version
  - Random ID
    - Generated with each new launch of the application. It is used for my own debugging, to see if a scan started but did not end (or ended with a different number of hosts). Launching twice by the same user/host will result in a different random number.
  - # of scanned IPs
  - # of vulnerable IPs
- 0.0.0.5
  - # of responsive IPs
- 0.0.0.6 and later
  - # of IPs with SMBv1 enabled
Some other metadata is being appended by default with Google Analytics, like time of scan & country.
I don’t know about your IP, don’t care about it and, frankly, am quite glad not to know anything about it, in order to completely eliminate any unnecessary privacy/legal issues.
What’s not being collected?
User names, host names, IP addresses, domain name. It is really none of my interest.
Two scans taken by the same user & computer cannot be correlated (the only common data is the fact they share the same country).
Why collect data at all?
Understanding what the world’s EternalBlue vulnerability (and SMBv1) posture really looks like is of great interest to me, and actually to many more in the cyber security ecosystem. I doubt anyone has good visibility into that. I am not even sure Microsoft really knows what the average ratio of hosts with SMBv1 enabled in a standard network is.
Stats are coming soon.
July 10 teaser: More than 7 million IPs were scanned so far. PowerBI is coming…
This is great stats! Two questions:
1. Do you determine a host is vulnerable if it has SMBv1 enabled *and* not patched with the latest Microsoft updates that addressed the EternalBlue vulns?
2. Does your tool collect OS versions of the scanned machines? If yes, would you please publish the OS version data?
Thx!
1. Sort of. The tool is taking the required SMB (crafted) requests in order to find a vulnerable host. See detailed explanation in Eternal Blues – Day 4 (important update) (under “How this tool works”).
2. Nope. Moreover, host names are checked and presented in the GUI, but are not being reported back to me.