Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: nmap snmp scanning
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 6 Dec 2011 18:49:59 +0100

On Tue, Dec 6, 2011 at 4:20 PM, Kent Hundley <khundley () opnet com> wrote:


Thanks much, you hit the nail on the head. For some reason, nmap was not
using the file I was supplying with the snmp community strings. I tried
using the snmp-brute script option and I noticed that if I supplied the
snmpcommunities file option, nmap kept just using some default values.
Looking at the snmp-brute.nse file, I found a section that specified a list
of default communities to use and just substituted the string I wanted for
one of the defaults and lo and behold the scan told me which string was in

After trying this I then went back and re-created the snmpcommunities.lst
file in the root of the nmap dir and suddenly it started working. I'm not
sure what the issue was originally, but its working now. For completeness
and to help anyone else who has this issue, here is the exact command that
is working now, the "snmpcommunities.lst" file is in the same dir as the
nmap.exe (this is on Windows BTW):

C:\Program Files (x86)\Nmap>type snmpcommunities.lst

C:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute --s
cript-args snmplist=snmpcommunities.lst

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-06 09:42 Eastern
Standard Time

Nmap scan report for
Host is up (0.012s latency).

161/udp open  snmp
|_snmp-brute: test
MAC Address: CC:02:1B:80:00:00 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds

C:\Program Files (x86)\Nmap>


Hi Kent,

Thanks for this write-up, it lead me to looking into the snmp-brute script.
There's actually a bug in the script that doesn't allow the file containing
the list of communities to reside outside of nmap's directory
structure. Also, the script fails to properly check and report back if it
did not successfully open the file, making it a bit difficult to track down
this bug.

If someone has the time to look into this please do and let the list know,
otherwise I will, eventually.

Patrik Karlsson
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]