Nmap Development mailing list archives

Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 18 Dec 2011 18:19:55 +0000


This is a very initial rewrite of the snmp-brute.nse script. As such, it
needs loads of testing. Some stuff is still missing but I wanted some feedback.

Duarte Silva

On Sunday 11 December 2011 20:29:07 Patrik Karlsson wrote:
On Sun, Dec 11, 2011 at 6:59 PM, Duarte Silva <duarte.silva () serializing me> wrote:
On Tuesday 06 December 2011 19:59:34 Patrik Karlsson wrote:
If it can wait for the weekend, I will look into it.

Duarte Silva


Thanks Duarte, sounds good to me. What I saw during my brief look:
* nmap.fetchfile is used (limits the location of the communityfile)
* the result from nmap.fetchfile isn't checked
* there's no good way to return an error back to the action
function, if the file wasn't found



I had a look at the script and I have some doubts about it. If the user
does not supply the snmpcommunity (and it isn't defined in the nmap.registry)
the script will not run. But the script allows the user to supply a file
with a list of community strings to try out. Weird to say the least =P

If I ain't missing something I should remove that restriction and make it
like, "supply a community string or a file containing community strings,
otherwise I will use my own file"?

Duarte Silva

Hi Duarte,

The snmpcommunity registry thing looks strange, not sure why it's there,
but it seems to be the other way around, if it's defined, the script won't
run. I couldn't find any other scripts making use of that registry value,
so I guess that check could be removed.

I think your assessment is right, first check for a list of communities,
either as a string or file and then fallback to the default list. I had a
quick look over the script again and it currently works like this:
* if the passdb argument is supplied, this file is used as the community
* it then tries an alternative file supplied with the argument snmplist
* if the above two arguments are not used, it falls back to the file

The problems I see are:
* if the files supplied by snmplist or passdb fail to open, the script
silently fails
* the script uses nmap.fetchfile for the snmplist file, which requires the
file to reside within nmap's directory structure


Attachment: snmp-brute.patch

Attachment: smime.p7s

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
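The resolution order Patrik describes (an explicit community string, then a user-supplied file, then the default list) with the two failure modes he lists handled, written out as an added Lua example; this is not code from the attached snmp-brute.patch or from Nmap. `resolve_community_list`, `read_lines`, `locate` and `DEFAULT_LIST` are assumed names; `nmap.registry.args`, `nmap.fetchfile`, `io.open` and `stdnse.format_output` are the real NSE/Lua calls it relies on.

```lua
-- Added example, not snmp-brute.nse or the attached patch.
-- Resolves the community-string list in the order discussed in the thread
-- and reports every failure to the caller instead of silently continuing.

local DEFAULT_LIST = "nselib/data/snmpcommunities.lst"  -- assumed default path

-- Read non-empty, non-comment lines from a file.
-- Returns a table of strings, or nil plus an error message.
local function read_lines(path)
  local f, err = io.open(path, "r")
  if not f then
    return nil, ("failed to open %s: %s"):format(path, err)
  end
  local lines = {}
  for line in f:lines() do
    line = line:gsub("%s+$", "")
    if #line > 0 and line:sub(1, 1) ~= "#" then
      lines[#lines + 1] = line
    end
  end
  f:close()
  if #lines == 0 then
    return nil, ("%s contains no community strings"):format(path)
  end
  return lines
end

-- Locate a file: try the path exactly as given (so it may live anywhere on
-- disk), then ask fetchfile (nmap.fetchfile in NSE) to look inside Nmap's
-- own directory structure. fetchfile returns nil when it finds nothing,
-- which is the unchecked result the thread points out.
local function locate(path, fetchfile)
  local f = io.open(path, "r")
  if f then
    f:close()
    return path
  end
  local found = fetchfile and fetchfile(path)
  if found then
    return found
  end
  return nil, ("could not find %s (tried as given and via nmap.fetchfile)"):format(path)
end

-- args: the script-args table (nmap.registry.args in NSE)
-- fetchfile: nmap.fetchfile, passed in so the function can run outside NSE
-- Returns a list of community strings, or nil and an error the action
-- function can hand back to the user.
local function resolve_community_list(args, fetchfile)
  if args.snmpcommunity then
    return { args.snmpcommunity }
  end
  local path = args.passdb or args.snmplist
  if path then
    local located, err = locate(path, fetchfile)
    if not located then
      return nil, err
    end
    return read_lines(located)
  end
  local default, err = locate(DEFAULT_LIST, fetchfile)
  if not default then
    return nil, "no community list supplied and " .. err
  end
  return read_lines(default)
end

-- Assumed shape of the call site inside an NSE action function:
-- action = function(host, port)
--   local list, err = resolve_community_list(nmap.registry.args, nmap.fetchfile)
--   if not list then
--     return stdnse.format_output(false, err)
--   end
--   -- ... use list ...
-- end

return { resolve_community_list = resolve_community_list, read_lines = read_lines }
```

Passing `nmap.fetchfile` in as a parameter rather than calling it directly keeps the resolver usable from plain Lua (pass `nil` and it only tries the literal path), and returning `nil, err` from every branch means the action function can surface the exact reason a list was not loaded, which is the "silently fails" problem raised above.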
