SNMP Brute

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time.

Requirements

• metasploit
• snmpwalk
• snmpstat
• john the ripper

Usage

python snmp-brute.py -t [IP]

Options

--help, -h show this help message and exit

--file=DICTIONARY, -f DICTIONARY Dictionary file

--target=IP, -t IP Host IP

--port=PORT, -p PORT SNMP port

Advanced

--rate=RATE, -r RATE Send rate

--timeout=TIMEOUT Wait time for UDP response (in seconds)

--delay=DELAY Wait time after all packets are send (in seconds)

--iplist=LFILE IP list file

--verbose, -v Verbose output

Automation

--bruteonly, -b Do not try to enumerate - only bruteforce

--auto, -a Non Interactive Mode

--no-colours No colour output

Operating Systems

--windows Enumerate Windows OIDs (snmpenum.pl)

--linux Enumerate Linux OIDs (snmpenum.pl)

--cisco Append extra Cisco OIDs (snmpenum.pl)

Alternative Options

--stdin, -s Read communities from stdin

--community=COMMUNITY, -c COMMUNITY Single Community String to use

--sploitego Sploitego's bruteforce method

Features

• Brute forces both version 1 and version 2c SNMP community strings
• Enumerates information for CISCO devices or if specified for Linux and Windows operating systems.
• Identifies RW community strings
• Tries to download the router config (metasploit module).
• If the CISCO config file is downloaded, shows the plaintext passwords (metasploit module) and tries to crack hashed passords with John the Ripper

Credits

• cisc0wn - github.com/nccgroup/cisco-SNMP-enumeration
• sploitego project - github.com/allfro/sploitego/blob/master/src/sploitego/scapytools/snmp.py
• snmpenum.pl script - by Filip Waeytens
• metasploit - www.metasploit.com