 |
Vanstechelman.eu | |
|
|
Navigation
My posts on Twitter
- lvanstechelman: OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection http://t.co/oFDY8lgJ
- lvanstechelman: RT @PortSwigger: Burp Suite Pro v1.4.03 released - CSRF generator, in-proxy comments, SSL strip and more - http://t.co/aDUiGdZV
- lvanstechelman: Burp Suite Professional - released v1.4.03 http://t.co/JBmBEhrg
- lvanstechelman: Free webinar: ISO 27001 ISMS implementation process http://t.co/fzbpzqvx
- lvanstechelman: Microsoft November 2011 Black Tuesday Overview http://t.co/UPMaq1Q8
Scanning for SNMP services with default community strings
You can use the following commands to scan a netblock for the presence of systems with an SNMP service which still use the community strings "public" and/or "private".
nmap -P0 -v -sU -p 161 -oA snmp_scan 192.168.0.1/24
for i in *.gnmap
do
for j in $(grep ‘161/open/’ $i | awk ‘{ print $2 }’)
do
echo $j
snmpwalk -v2c -c public $j &> snmpwalk_${j}_public.txt
if [ "$?" = "0" ]; then echo "$j accepts SNMP community string public"; fi
snmpwalk -v2c -c private $j &> snmpwalk_${j}_private.txt
if [ "$?" = "0" ]; then echo "$j accepts SNMP community string private"; fi
done
done
for i in *.gnmap
do
for j in $(grep ‘161/open/’ $i | awk ‘{ print $2 }’)
do
echo $j
snmpwalk -v2c -c public $j &> snmpwalk_${j}_public.txt
if [ "$?" = "0" ]; then echo "$j accepts SNMP community string public"; fi
snmpwalk -v2c -c private $j &> snmpwalk_${j}_private.txt
if [ "$?" = "0" ]; then echo "$j accepts SNMP community string private"; fi
done
done