Re: [SCRIPT] snmpenum.nse

[ES2010 <bcts () yahoo com>]

Thanks for the tip...I've been working on something similar for a couple of
weeks but couldn't get the right combo with the community string. Thanks for
the help!!!



William Njuguna wrote:
> Hi guys,
>
> Here's a script that walks the selected subtree and prints out info
> discovered. If the 'subtree' argument is not specified, results from the
> system subtree are returned.
>
> Feedback will be appreciated.
>
> nmap -P0 -n -sU -sC -p161 192.168.2.2 --script-args="subtree=ipaddr"
>
> PORT    STATE SERVICE
> 161/udp open  snmp
> | snmpenum:  
> |   1.3.6.1.2.1.4.20.1.1.10.35.60.10: 10.35.60.10
> |   1.3.6.1.2.1.4.20.1.1.192.168.180.9: 192.168.180.9
> |   1.3.6.1.2.1.4.20.1.1.192.168.2.2: 192.168.2.2
> |   1.3.6.1.2.1.4.20.1.1.192.168.185.246: 192.168.185.246
> |_  1.3.6.1.2.1.4.20.1.1.192.168.118.61: 192.168.118.61
>
> -- 
> Regards,
> William Njuguna.
>
> description = [[
> Enumerate device info via snmp
> ]]
>
> ---
> -- @output
> -- | snmpwalk:  
> -- |   1.3.6.1.2.1.1.1.0: D-link Corp. Access Point
> -- |   1.3.6.1.2.1.1.2.0: 1.3.6.1.4.1.129.43.10.37.15
> -- |   1.3.6.1.2.1.1.3.0: 452533
> -- |   1.3.6.1.2.1.1.4.0: 
> -- |   1.3.6.1.2.1.1.5.0: D-link Corp. Access Point
> -- |   1.3.6.1.2.1.1.6.0: 
> -- |_  1.3.6.1.2.1.1.7.0: 64
>
> author = "William"
>
> license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
>
> categories = {"discovery", "default", "safe"}
>
> --run after snmp-brute.nse
> runlevel = 2
>
> require "snmp"
> require "shortport"
> require "stdnse"
>
> portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
>
> --Returns the oid to be used in the getnext request
> local function build_nextoid(oid)
>       local skip, nextoid, oid_elements
>       nextoid = {}
>       oid_elements = {}
>       
>       for w in string.gfind(oid, "%d+") do
>               table.insert(oid_elements, tonumber(w))
>       end
>
>       local counter = 1
>       for k,v in pairs(oid_elements) do
>               if (v > 128) then
>                       table.insert(nextoid, oid_elements[counter] + oid_elements[counter+1] -
> 1)
>                       counter = counter + 1
>                       skip = 1
>               elseif (skip == 1) then
>                       counter = counter + 1
>                       skip = 0
>               else
>                       table.insert(nextoid, oid_elements[counter])
>                       counter = counter + 1
>               end
>       end
>       return table.concat(nextoid, ".")
> end
>
> local function parse_response(response, oids, result) 
>       local k, v, i, value, output_table, output
>       output_table = {}
>       output = snmp.fetchResponseValues(response)
>       for k,v in pairs(output[1]) do
>               table.insert(output_table, v)
>       end
>       
> --Print out results for this subtree only
>       i = 1
>       while (i < #output_table - 1) do
>               oids.subtree = build_nextoid(output_table[i + 1])
>               value = output_table[i]
>               i = i + 1
>       
>               if (string.match(string.sub(oids.subtree, 1, string.len(oids.base)),
> oids.base)) then
>                       if type(value) == 'table' then
>                               table.insert(result, string.format("%s: %s", tostring(oids.subtree),
> snmp.oid2str(value)))
>                       else 
>                               table.insert(result, string.format("%s: %s", tostring(oids.subtree),
> tostring(value)))
>                       end
>               end
>       end
> end
>
> -- Sends out snmp getnext requests
> local function snmpwalk(host, port, oids, result)
>       local status, response, payload, request, options
>       options = {}
>       try(socket:connect(host.ip, port.number, "udp"))
>       request = snmp.buildGetNextRequest(options, oids.subtree)
>       payload = snmp.encode(snmp.buildPacket(request))
>       try(socket:send(payload))
>       status, response = socket:receive_bytes(1)
>       parse_response(response, oids, result)
> end
>
> action = function(host, port)
>       local result = {}
>       local oids = { system = "1.3.6.1.2.1.1", 
>                                  ipaddr = "1.3.6.1.2.1.4.20.1.1",
>                                  nexthop = "1.3.6.1.2.1.4.21.1.7",
>                                  tcpports = "1.3.6.1.2.1.6.13.1.3", 
>                                }
>       
>       if nmap.registry.args.subtree then
>               oids.subtree = oids[nmap.registry.args.subtree]
>               oids.base = oids[nmap.registry.args.subtree]
>       else
>               oids.subtree = oids.system
>               oids.base = oids.system
>       end
>
>       socket  = nmap.new_socket()
>       socket:set_timeout(5000)
>       local catch = function()
>               socket:close()
>       end
>       try = nmap.new_try(catch)
>       while (string.match(string.sub(oids.subtree, 1, string.len(oids.base)),
> oids.base)) do
>               snmpwalk(host, port, oids, result)
>       end
>       
>       try(socket:close())
>       return stdnse.format_output(true, result)
> end
>
>  
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
View this message in context: http://old.nabble.com/-SCRIPT--snmpenum.nse-tp26970634p28625803.html
Sent from the Nmap - Dev mailing list archive at Nabble.com.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/