Nmap Development mailing list archives
Re: [SCRIPT] snmpenum.nse
From: ES2010 <bcts () yahoo com>
Date: Thu, 20 May 2010 12:22:30 -0700 (PDT)
Thanks for the tip...I've been working on something similar for a couple of weeks but couldn't get the right combo with the community string. Thanks for the help!!! William Njuguna wrote:
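-- Hi guys,
--
-- Here's a script that walks the selected subtree and prints out info
-- discovered. If the 'subtree' argument is not specified, results from the
-- system subtree are returned. Feedback will be appreciated.
--
--   nmap -P0 -n -sU -sC -p161 192.168.2.2 --script-args="subtree=ipaddr"
--
--   PORT    STATE SERVICE
--   161/udp open  snmp
--   | snmpenum:
--   |   1.3.6.1.2.1.4.20.1.1.10.35.60.10: 10.35.60.10
--   |   1.3.6.1.2.1.4.20.1.1.192.168.180.9: 192.168.180.9
--   |   1.3.6.1.2.1.4.20.1.1.192.168.2.2: 192.168.2.2
--   |   1.3.6.1.2.1.4.20.1.1.192.168.185.246: 192.168.185.246
--   |_  1.3.6.1.2.1.4.20.1.1.192.168.118.61: 192.168.118.61
--
-- Regards, William Njuguna.

description = [[
Enumerate device info via snmp
]]

---
-- @args subtree Name of the subtree to walk: one of <code>system</code>,
--       <code>ipaddr</code>, <code>nexthop</code> or <code>tcpports</code>.
--       When omitted, the system subtree is walked.
--
-- @output
-- | snmpenum:
-- |  1.3.6.1.2.1.1.1.0: D-link Corp. Access Point
-- |  1.3.6.1.2.1.1.2.0: 1.3.6.1.4.1.129.43.10.37.15
-- |  1.3.6.1.2.1.1.3.0: 452533
-- |  1.3.6.1.2.1.1.4.0:
-- |  1.3.6.1.2.1.1.5.0: D-link Corp. Access Point
-- |  1.3.6.1.2.1.1.6.0:
-- |_ 1.3.6.1.2.1.1.7.0: 64

author = "William"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "default", "safe"}

--run after snmp-brute.nse
runlevel = 2

require "snmp"
require "shortport"
require "stdnse"

portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})

-- Upper bound on GETNEXT round trips for one host. Every response comes from
-- the scanned device and decides the next request, so without a cap a
-- misbehaving agent that keeps answering with OIDs inside the subtree would
-- keep the script running indefinitely. The value is an arbitrary ceiling.
local MAX_WALK_STEPS = 4096

-- Subtrees selectable through the 'subtree' script argument.
local SUBTREES = {
  system   = "1.3.6.1.2.1.1",
  ipaddr   = "1.3.6.1.2.1.4.20.1.1",
  nexthop  = "1.3.6.1.2.1.4.21.1.7",
  tcpports = "1.3.6.1.2.1.6.13.1.3",
}

-- Returns true when 'oid' is 'base' itself or lies below it.
-- The comparison is a plain string prefix test that ends on a '.' boundary.
-- Using 'base' as a Lua pattern would let every '.' match any character and
-- would also accept a sibling such as 1.3.6.1.2.1.10 for base 1.3.6.1.2.1.1.
local function in_subtree(oid, base)
  return oid == base or string.sub(oid, 1, #base + 1) == base .. "."
end

-- Returns the oid to be used in the getnext request.
-- Every element greater than 128 is merged with the element that follows it
-- (a + b - 1) and that following element is then dropped.
-- NOTE(review): this looks like a workaround for an snmp library that hands
-- back multi-byte sub-identifiers as separate raw bytes -- confirm. Under that
-- reading the arithmetic is only right when the leading element is 129, i.e.
-- for sub-identifiers in the range 128..255.
local function build_nextoid(oid)
  local elements = {}
  for digits in string.gmatch(oid, "%d+") do
    table.insert(elements, tonumber(digits))
  end

  local nextoid = {}
  local skip = false
  for idx, v in ipairs(elements) do
    if v > 128 then
      local following = elements[idx + 1]
      if following then
        table.insert(nextoid, v + following - 1)
        skip = true
      else
        -- Nothing left to merge with: keep the element as it is instead of
        -- raising an arithmetic-on-nil error on a truncated OID.
        table.insert(nextoid, v)
      end
    elseif skip then
      skip = false
    else
      table.insert(nextoid, v)
    end
  end
  return table.concat(nextoid, ".")
end

-- Decodes one response, records the value when its OID is inside the walked
-- subtree and advances oids.subtree to the OID that was returned.
-- Returns true when the walk moved forward, false when the response could not
-- be used or named the same OID that was just requested.
local function parse_response(response, oids, result)
  -- The payload is attacker-controllable input; a decoding error must end the
  -- walk, not the whole script thread.
  local ok, output = pcall(snmp.fetchResponseValues, response)
  if not ok or type(output) ~= "table" then
    return false
  end

  -- The first entry is read as { value, oid-string, ... }, which is how the
  -- original indexing used it.
  local entry = output[1]
  if type(entry) ~= "table" or type(entry[2]) ~= "string" then
    return false
  end

  local value = entry[1]
  local nextoid = build_nextoid(entry[2])
  if nextoid == oids.subtree then
    -- The agent answered with the OID we asked about: no progress is possible.
    return false
  end
  oids.subtree = nextoid

  --Print out results for this subtree only
  if in_subtree(nextoid, oids.base) then
    if type(value) == 'table' then
      table.insert(result, string.format("%s: %s", tostring(nextoid), snmp.oid2str(value)))
    else
      table.insert(result, string.format("%s: %s", tostring(nextoid), tostring(value)))
    end
  end
  return true
end

-- Sends out one snmp getnext request for oids.subtree and parses the answer.
-- Returns false when no usable response arrived, so the caller stops walking.
local function snmpwalk(socket, try, oids, result)
  local request = snmp.buildGetNextRequest({}, oids.subtree)
  local payload = snmp.encode(snmp.buildPacket(request))
  try(socket:send(payload))

  local status, response = socket:receive_bytes(1)
  if not status then
    -- On failure 'response' holds an error message, not a packet.
    stdnse.print_debug(1, "snmpenum: no response for %s (%s)", oids.subtree, tostring(response))
    return false
  end
  return parse_response(response, oids, result)
end

-- Walks the requested subtree (system by default) and returns the formatted
-- list of "oid: value" lines collected on the way.
action = function(host, port)
  local requested = nmap.registry.args.subtree
  local base = SUBTREES.system
  if requested then
    base = SUBTREES[requested]
    if not base then
      -- An unknown name used to leave the OID nil and abort with a Lua error.
      stdnse.print_debug(1, "snmpenum: unknown subtree '%s'", tostring(requested))
      return nil
    end
  end

  local result = {}
  local oids = { subtree = base, base = base }

  -- Kept local so that the socket and its error handler belong to this
  -- invocation only.
  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local try = nmap.new_try(function() socket:close() end)
  try(socket:connect(host.ip, port.number, "udp"))

  local steps = 0
  while in_subtree(oids.subtree, oids.base) do
    steps = steps + 1
    if steps > MAX_WALK_STEPS then
      stdnse.print_debug(1, "snmpenum: stopping after %d requests", MAX_WALK_STEPS)
      break
    end
    if not snmpwalk(socket, try, oids, result) then
      break
    end
  end

  socket:close()
  return stdnse.format_output(true, result)
end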