Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Bruteforce commmuity string
# Brute force community string for snmpwalk use
onesixtyone <TARGET> -c /usr/share/doc/onesixtyone/dict.txt
Sample Output:
$ onesixtyone 10.10.11.248 -c /usr/share/doc/onesixtyone/dict.txt
Scanning 1 hosts, 50 communities
10.10.11.248 [public] Linux monitored 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
Ref: onesixtyone
# Brute force community string (Check also SNMPv2)
python3 snmpbrute.py -t <TARGET>
Sample Output:
$ python3 snmpbrute.py -t 10.10.11.248
_____ _ ____ _______ ____ __
/ ___// | / / |/ / __ \ / __ )_______ __/ /____
\__ \/ |/ / /|_/ / /_/ / / __ / ___/ / / / __/ _ \
___/ / /| / / / / ____/ / /_/ / / / /_/ / /_/ __/
/____/_/ |_/_/ /_/_/ /_____/_/ \__,_/\__/\___/
SNMP Bruteforce & Enumeration Script v2.0
http://www.secforce.com / nikos.vassakis <at> secforce.com
###############################################################
...[SNIP]...
Identified Community strings
0) 10.10.11.248 public (v1)(RO)
1) 10.10.11.248 public (v2c)(RO)
2) 10.10.11.248 public (v1)(RO)
3) 10.10.11.248 public (v2c)(RO)
Select Community to Enumerate [0]:
Ref: snmpbrute.py
Tools
# Install
sudo apt install snmp
Sample Output:
TO-DO# Install Add-on for better result readability
sudo apt install snmp-mibs-downloader
Sample Output:
TO-DO# Comment out this line in /etc/snmp/snmp.conf
# mibs :
# Uncomment this line in /etc/snmp/snmp.conf
mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf
Sample Output:
TO-DOBasic Commands
snmpwalk -v1 -c public <TARGET> | tee snmpwalk_result
Sample Output:
$ snmpwalk -v1 -c public 10.10.11.248 | tee snmpwalk_result
SNMPv2-MIB::sysDescr.0 = STRING: Linux monitored 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (33245) 0:05:32.45
SNMPv2-MIB::sysContact.0 = STRING: Me <root@monitored.htb>
SNMPv2-MIB::sysName.0 = STRING: monitored
...[SNIP]...
snmpwalk -v2c -c public <TARGET> | tee snmpwalk_result
Sample Output:
$ snmpwalk -v2c -c public 10.10.11.248 | tee snmpwalk_result
SNMPv2-MIB::sysDescr.0 = STRING: Linux monitored 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (61445) 0:10:14.45
SNMPv2-MIB::sysContact.0 = STRING: Me <root@monitored.htb>
SNMPv2-MIB::sysName.0 = STRING: monitored
...[SNIP]...
# Query specific OID, e.g, ipAddressIfIndex.ipv6
snmpwalk -v2c -c public <TARGET> ipAddressIfIndex.ipv6
Sample Output:
$ snmpwalk -v2c -c public 10.10.11.248 ipAddressIfIndex.ipv6
IP-MIB::ipAddressIfIndex.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01" = INTEGER: 1
IP-MIB::ipAddressIfIndex.ipv6."fe:80:00:00:00:00:00:00:02:50:56:ff:fe:b9:b0:de" = INTEGER: 2
# Multithreads, much faster
snmpbulkwalk -C r10 -c public -v2c <TARGET>
Sample Output:
snmpbulkwalk -C r10 -c public -v 2c 10.10.11.248
SNMPv2-MIB::sysDescr.0 = STRING: Linux monitored 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (99347) 0:16:33.47
SNMPv2-MIB::sysContact.0 = STRING: Me <root@monitored.htb>
SNMPv2-MIB::sysName.0 = STRING: monitored
...[SNIP]...