Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 6 Dec 2011 18:04:24 +0000
On Tuesday 06 December 2011 17:49:59 Patrik Karlsson wrote:
> On Tue, Dec 6, 2011 at 4:20 PM, Kent Hundley <khundley () opnet com> wrote:
> > Thanks much, you hit the nail on the head. For some reason, nmap was not
> > using the file I was supplying with the snmp community strings. I tried
> > using the snmp-brute script option and I noticed that if I supplied the
> > snmpcommunities file option, nmap kept just using some default values.
> > Looking at the snmp-brute.nse file, I found a section that specified a
> > list of default communities to use and just substituted the string I
> > wanted for one of the defaults and lo and behold the scan told me which
> > string was in use.
> >
> > After trying this I then went back and re-created the snmpcommunities.lst
> > file in the root of the nmap dir and suddenly it started working. I'm not
> > sure what the issue was originally, but it's working now. For completeness
> > and to help anyone else who has this issue, here is the exact command
> > that is working now, the "snmpcommunities.lst" file is in the same dir
> > as the nmap.exe (this is on Windows BTW):
> >
> > C:\Program Files (x86)\Nmap>type snmpcommunities.lst
> > C:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute
> > Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-06 09:42 Eastern
> > Nmap scan report for 192.168.200.2
> > Host is up (0.012s latency).
> > PORT STATE SERVICE
> > 161/udp open snmp
> > MAC Address: CC:02:1B:80:00:00 (Unknown)
> > Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds
> > C:\Program Files (x86)\Nmap>
>
> Thanks for this write-up, it led me to looking into the snmp-brute script.
> There's actually a bug in the script that doesn't allow the file containing
> the list of communities to reside outside of nmap's directory
> structure. Also, the script fails to properly check and report back if it
> did not successfully open the file, making it a bit difficult to track down.
> If someone has the time to look into this please do and let the list know,
> otherwise I will, eventually.

If it can wait for the weekend, I will look into it.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/