Nmap Development mailing list archives
Re: nmap snmp scanning
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 6 Dec 2011 18:49:59 +0100
On Tue, Dec 6, 2011 at 4:20 PM, Kent Hundley <khundley () opnet com> wrote:
> David,
>
> Thanks much, you hit the nail on the head. For some reason, nmap was not using the file I was supplying with the snmp community strings. I tried using the snmp-brute script option and I noticed that if I supplied the snmpcommunities file option, nmap kept just using some default values. Looking at the snmp-brute.nse file, I found a section that specified a list of default communities to use and just substituted the string I wanted for one of the defaults and lo and behold the scan told me which string was in use.
>
> After trying this I then went back and re-created the snmpcommunities.lst file in the root of the nmap dir and suddenly it started working. I'm not sure what the issue was originally, but it's working now.
>
> For completeness and to help anyone else who has this issue, here is the exact command that is working now, the "snmpcommunities.lst" file is in the same dir as the nmap.exe (this is on Windows BTW):
>
> C:\Program Files (x86)\Nmap>type snmpcommunities.lst
> test
>
> C:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute 192.168.200.2 --script-args snmplist=snmpcommunities.lst
>
> Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-06 09:42 Eastern Standard Time
> Nmap scan report for 192.168.200.2
> Host is up (0.012s latency).
> PORT    STATE SERVICE
> 161/udp open  snmp
> |_snmp-brute: test
> MAC Address: CC:02:1B:80:00:00 (Unknown)
>
> Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds
>
> C:\Program Files (x86)\Nmap>
>
> Thanks,
> Kent
Hi Kent,

Thanks for this write-up, it led me to look into the snmp-brute script. There's actually a bug in the script that doesn't allow the file containing the list of communities to reside outside of nmap's directory structure. Also, the script fails to properly check and report back if it did not successfully open the file, making it a bit difficult to track down this bug.

If someone has the time to look into this please do and let the list know, otherwise I will, eventually.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/