Re: nmap snmp scanning

[David Fifield <david () bamsoftware com>]

On Mon, Dec 05, 2011 at 11:58:42AM -0500, Kent Hundley wrote:
> David,
>
> Thanks for your response, but this doesn't seem to resolve my issue.
> If I run that command, it will tell me that the SNMP port is open,
> but it doesn't tell me which of the available SNMP strings a given
> device is using (I have 3 possible strings in community.lst).
>
> The command and output are below. I tried putting the community.lst
> file in the same dir as the nmap exe as well as in the nselib/data
> dir where the other lst files are located. Interestingly, I get the
> exact same response if I put a single bogus entry in the
> community.lst file or even if I run the command without the
> snmp-brute option at all. Its as if nmap is not reading the
> community file at all.
>
> D:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute
> --script-args snmplist=community.lst 10.x.y.z
>
> Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-05 16:46 GMT Standard Time
> Nmap scan report for 10.x.y.z
> Host is up (0.80s latency).
> PORT    STATE SERVICE
> 161/udp open  snmp
>
> Nmap done: 1 IP address (1 host up) scanned in 8.52 seconds

Try using the -d and --script-trace options. You may want to read some
more about how the script engine works at http://nmap.org/book/nse.html.

It's possible that the device is using none of the community strings in
community.lst. --script-trace will reveal what is going on.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/