Nmap Development mailing list archives

Re: [SCRIPT] snmpenum.nse


From: William <william.njuguna () gmail com>
Date: Thu, 25 Feb 2010 09:53:18 +0300

Sorry for the delayed response. My idea was to use the script to reveal
more info about network devices. Think about a scenario where other
ports are filtered but SNMP is not. The tcpports output would reveal
open TCP ports, and the nexthop output would return the gateway for each
network for multihomed devices.

On Mon, 2010-01-18 at 12:20 -0700, David Fifield wrote:
> On Wed, Dec 30, 2009 at 09:24:37PM +0300, William wrote:
> > Here's a script that walks the selected subtree and prints out info
> > discovered. If the 'subtree' argument is not specified, results from the
> > system subtree are returned.
> >
> > Feedback will be appreciated.
>
> Can you tell us more about what the script does? I don't know much about
> SNMP. What is this first example telling us?
>
> nmap -P0 -n -sU -sC -p161 192.168.2.2 --script-args="subtree=ipaddr"
>
> PORT    STATE SERVICE
> 161/udp open  snmp
> | snmpenum:
> |   1.3.6.1.2.1.4.20.1.1.10.35.60.10: 10.35.60.10
> |   1.3.6.1.2.1.4.20.1.1.192.168.180.9: 192.168.180.9
> |   1.3.6.1.2.1.4.20.1.1.192.168.2.2: 192.168.2.2
> |   1.3.6.1.2.1.4.20.1.1.192.168.185.246: 192.168.185.246
> |_  1.3.6.1.2.1.4.20.1.1.192.168.118.61: 192.168.118.61

This is the output of walking the ip subtree (1.3.6.1.2.1.4.20.1.1) and
reveals additional IPs configured on this particular device.

> In this example, is there any way to find out what the OIDs
> 1.3.6.1.2.1.1.*.0 mean?
>
> ---
> -- @output
> -- | snmpwalk:
> -- |   1.3.6.1.2.1.1.1.0: D-link Corp. Access Point
> -- |   1.3.6.1.2.1.1.2.0: 1.3.6.1.4.1.129.43.10.37.15
> -- |   1.3.6.1.2.1.1.3.0: 452533
> -- |   1.3.6.1.2.1.1.4.0:
> -- |   1.3.6.1.2.1.1.5.0: D-link Corp. Access Point
> -- |   1.3.6.1.2.1.1.6.0:
> -- |_  1.3.6.1.2.1.1.7.0: 64
>
> What does the output for nexthop and tcpports look like? What do you see
> the script being used for?

I still haven't figured out the best way to print out symbolic notations
instead of OIDs.

Here the tcpports output shows that ports 23 and 80 are open.

nmap -n -p161 -sU -sC 192.168.2.2 --script-args="subtree=tcpports"

Starting Nmap 5.10BETA1 ( http://nmap.org ) at 2010-02-21 23:01 EAT
Nmap scan report for 192.168.1.50
Host is up (0.0044s latency).
PORT    STATE SERVICE
161/udp open  snmp
| snmpenum:  
|   1.3.6.1.2.1.6.13.1.3.0.0.0.0.23.0.0.0.0.0: 23
|_  1.3.6.1.2.1.6.13.1.3.0.0.0.0.80.0.0.0.0.0: 80


-- 
Regards,
William Njuguna.
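
The OID-to-name question raised in this thread, as an added example that is not part of the original messages or of the snmpenum script: a small translator for the three subtrees whose output is quoted above, useful when reviewing what an SNMP agent discloses. Object names are taken from MIB-II (RFC 1213); the function names `describe` and `translate` are this example's own.

```python
import re

# Object names below are from MIB-II (RFC 1213); only the three subtrees
# whose output appears in this thread are covered.
SYS = "1.3.6.1.2.1.1."                 # system group scalars
IP_ADDR = "1.3.6.1.2.1.4.20.1.1."      # ipAdEntAddr, indexed by the address
TCP_LPORT = "1.3.6.1.2.1.6.13.1.3."    # tcpConnLocalPort, indexed by 4-tuple
SYSTEM = {1: "sysDescr", 2: "sysObjectID", 3: "sysUpTime", 4: "sysContact",
          5: "sysName", 6: "sysLocation", 7: "sysServices"}
# Matches "|   <oid>: <value>" and the closing "|_  <oid>: <value>" line.
ROW = re.compile(r"^\|[ _]\s+([0-9]+(?:\.[0-9]+)+):\s?(.*)$")

def describe(oid, value):
    """Render one OID/value pair symbolically; unknown OIDs pass through."""
    if oid.startswith(SYS):
        col, _, inst = oid[len(SYS):].partition(".")
        if inst == "0" and int(col) in SYSTEM:
            return f"{SYSTEM[int(col)]}.0 = {value}"
    elif oid.startswith(IP_ADDR):
        return f"ipAdEntAddr.{oid[len(IP_ADDR):]} = {value}"
    elif oid.startswith(TCP_LPORT):
        idx = oid[len(TCP_LPORT):].split(".")
        if len(idx) == 10:  # local addr (4), local port, remote addr (4), remote port
            local = ".".join(idx[:4]) + ":" + idx[4]
            remote = ".".join(idx[5:9]) + ":" + idx[9]
            note = " (no remote peer)" if remote == "0.0.0.0:0" else ""
            return f"tcpConnLocalPort local={local} remote={remote}{note}"
    return f"{oid} = {value}"

def translate(script_output):
    """Translate every OID row in a block of snmpenum-style script output."""
    rows = (ROW.match(line) for line in script_output.splitlines())
    return [describe(m.group(1), m.group(2).strip() or "(empty)")
            for m in rows if m]

# Sample rows copied from the output quoted in this thread.
SAMPLE = """\
| snmpenum:
|   1.3.6.1.2.1.1.1.0: D-link Corp. Access Point
|   1.3.6.1.2.1.1.4.0:
|   1.3.6.1.2.1.4.20.1.1.192.168.2.2: 192.168.2.2
|   1.3.6.1.2.1.6.13.1.3.0.0.0.0.23.0.0.0.0.0: 23
|_  1.3.6.1.2.1.6.13.1.3.0.0.0.0.80.0.0.0.0.0: 80
"""

if __name__ == "__main__":
    print("\n".join(translate(SAMPLE)))
```

A tcpConnTable row whose remote side is 0.0.0.0:0 has no peer, which is why the two rows in the tcpports output correspond to listening ports 23 and 80.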
