Re: nmap snmp scanning

[David Fifield <david () bamsoftware com>]

On Tue, Nov 29, 2011 at 07:53:43AM -0500, Kent Hundley wrote:
> I am trying to run an nmap SNMP scan to do the following:
>
> 1) scan a range of IP's and tell me if the device responds to any of
> a list of supplied SNMP community strings
> 2) report which of the available community strings the device responded to
>
> I have read the online docs and tried using the syntax of the
> provided examples but I cannot seem to get nmap to report which of
> an available list of snmp strings a device is using. It reports that
> SNMP is open, but it never tells me which snmp string is in use. Is
> this possible with nmap and can someone give me an example of the
> syntax required if it is?

It sounds like what you want is the snmp-brute script:

http://nmap.org/nsedoc/scripts/snmp-brute.html

A usage example is:

nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst <target>

community.lst is a file containing the community names you want to try.
You can leave that argument off to use the default list.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/