nmap -p445 10.64.2.12 --script smb-security-mode.nse


nmap: 

Execute open source scanning tool used to monitor network and security


-p445:

Designate port 445.

Port 445 is default port which Microsoft Windows use for file and print sharing service.


--script smb-security-mode.nse:

Execute smb-security-mode.nse which is specific diagnosis  script using Nmap scripting engine(NSE)


=> This command verifys whether port 445 is open and monitor the level of SMB service's enciphering .

1) Account Lvl Auth:

You can check whether specific account verification is needed when user access resources.

2) Message Signing:

You can check whether 'packet signing' is enabled or required.

The serve is vulnerable to SMB Relay attack that attacker steal packet on the middle, if message signing is disabled or supported.