Another interesting property enum4linux-ng could show is the status of SMB signing. Whether it is enabled/disabled and optional/required.

This is good to know because without required SMB signing, NTLM relaying attacks could be possible.

Nmap contains a script that can check that: smb2-security-mode.nse

Have a look at the dev branch. I added something which checks whether signing is required or not (it also does some SMB dialect checks).

Regarding the "enabled" check I'm a bit confused. Microsoft says:

The EnableSecuritySignature registry setting for SMB2+ client and SMB2+ server is ignored. Therefore, this setting does nothing unless you're using SMB1. SMB2 signing is controlled solely by being required or not. This setting is used when either the server or client requires SMB signing. Only if both have signing set to 0 will signing not occur.

If I understood that correct, you can't disable SMB2 signing, but you can for SMB1, by not enabling it. Since the NSE script does only seem to check SMB2 I wonder if the enabled check is even needed, because the client (nmap) can decide to enable signing or not.

Nice, looks good. But it seems the result is not shown to the user at the moment.

Your conclusion about enabled/required for SMB2 sounds reasonable. I'm not an expert in Microsoft specifications but I assume this is correct. Good to know :)

It should look like that:

Edit: That is the version from the dev branch. You can get it via git checkout dev.

Yes you are right. I did an editable install via pip before switching branches. Turns out it's not that editable in this case :D (EDIT: ah, because setup.py copies the whole script file. That is a bit unusual but explains my mistake)

Thank you!

Glad it works. :) If you are happy with this solution, I would close that issue.

Yes, please merge to master and close this issue 👍

Will do.