Nmap Development mailing list archives
Re: nmap snmp scanning
From: Kent Hundley <khundley () opnet com>
Date: Tue, 06 Dec 2011 10:20:55 -0500
David,

Thanks much, you hit the nail on the head. For some reason, nmap was not using the file I was supplying with the snmp community strings. I tried using the snmp-brute script option and I noticed that if I supplied the snmpcommunities file option, nmap kept just using some default values. Looking at the snmp-brute.nse file, I found a section that specified a list of default communities to use and just substituted the string I wanted for one of the defaults and lo and behold the scan told me which string was in use.

After trying this I then went back and re-created the snmpcommunities.lst file in the root of the nmap dir and suddenly it started working. I'm not sure what the issue was originally, but it's working now. For completeness and to help anyone else who has this issue, here is the exact command that is working now. The "snmpcommunities.lst" file is in the same dir as the nmap.exe (this is on Windows BTW):

C:\Program Files (x86)\Nmap>type snmpcommunities.lst
test

C:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute 192.168.200.2 --script-args snmplist=snmpcommunities.lst

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-06 09:42 Eastern Standard Time
Nmap scan report for 192.168.200.2
Host is up (0.012s latency).
PORT    STATE SERVICE
161/udp open  snmp
|_snmp-brute: test
MAC Address: CC:02:1B:80:00:00 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds

C:\Program Files (x86)\Nmap>

Thanks,
Kent

On 12/5/2011 12:21 PM, David Fifield wrote:
> On Mon, Dec 05, 2011 at 11:58:42AM -0500, Kent Hundley wrote:
> > David,
> >
> > Thanks for your response, but this doesn't seem to resolve my issue. If I run that command, it will tell me that the SNMP port is open, but it doesn't tell me which of the available SNMP strings a given device is using (I have 3 possible strings in community.lst). The command and output are below. I tried putting the community.lst file in the same dir as the nmap exe as well as in the nselib/data dir where the other lst files are located.
> >
> > Interestingly, I get the exact same response if I put a single bogus entry in the community.lst file or even if I run the command without the snmp-brute option at all. It's as if nmap is not reading the community file at all.
> >
> > D:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst 10.x.y.z
> >
> > Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-05 16:46 GMT Standard Time
> > Nmap scan report for 10.x.y.z
> > Host is up (0.80s latency).
> > PORT    STATE SERVICE
> > 161/udp open  snmp
> >
> > Nmap done: 1 IP address (1 host up) scanned in 8.52 seconds
>
> Try using the -d and --script-trace options. You may want to read some more about how the script engine works at http://nmap.org/book/nse.html. It's possible that the device is using none of the community strings in community.lst. --script-trace will reveal what is going on.
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/