forked from tjnull/TJ-JPT
-
Notifications
You must be signed in to change notification settings - Fork 7
SNMP Enumeration Tools
TheGetch edited this page Jan 5, 2021
·
1 revision
SNMP Enumeration Tools
$ snmpwalk -c public -v1 ipaddress 1
$ snmpwalk -c private -v1 ipaddress 1
$ snmpwalk -c manager -v1 ipaddress 1
$ ls -lh /usr/share/nmap/scripts/ | grep snmp
-rw-r--r-- 1 root root 7814 Oct 12 09:29 snmp-brute.nse
-rw-r--r-- 1 root root 4388 Oct 12 09:29 snmp-hh3c-logins.nse
-rw-r--r-- 1 root root 5216 Oct 12 09:29 snmp-info.nse
-rw-r--r-- 1 root root 28644 Oct 12 09:29 snmp-interfaces.nse
-rw-r--r-- 1 root root 5978 Oct 12 09:29 snmp-ios-config.nse
-rw-r--r-- 1 root root 4156 Oct 12 09:29 snmp-netstat.nse
-rw-r--r-- 1 root root 4431 Oct 12 09:29 snmp-processes.nse
-rw-r--r-- 1 root root 1867 Oct 12 09:29 snmp-sysdescr.nse
-rw-r--r-- 1 root root 2570 Oct 12 09:29 snmp-win32-services.nse
-rw-r--r-- 1 root root 2739 Oct 12 09:29 snmp-win32-shares.nse
-rw-r--r-- 1 root root 4713 Oct 12 09:29 snmp-win32-software.nse
-rw-r--r-- 1 root root 2016 Oct 12 09:29 snmp-win32-users.nse
$ nmap x.x.x.x -p 161,162 -sV --script=exampleScript1.nse,exampleScript2.nse
auxiliary/scanner/misc/oki_scanner
auxiliary/scanner/snmp/aix_version
auxiliary/scanner/snmp/arris_dg950
auxiliary/scanner/snmp/brocade_enumhash
auxiliary/scanner/snmp/cisco_config_tftp
auxiliary/scanner/snmp/cisco_upload_file
auxiliary/scanner/snmp/cnpilot_r_snmp_loot
auxiliary/scanner/snmp/epmp1000_snmp_loot
auxiliary/scanner/snmp/netopia_enum
auxiliary/scanner/snmp/sbg6580_enum
auxiliary/scanner/snmp/snmp_enum
auxiliary/scanner/snmp/snmp_enum_hp_laserjet
auxiliary/scanner/snmp/snmp_enumshares
auxiliary/scanner/snmp/snmp_enumusers
auxiliary/scanner/snmp/snmp_login
$ onesixtyone -c /usr/share/doc/onesixtyone/dict.txt x.x.x.x
$ snmp-check x.x.x.x -c public
python3 samdump.py SNMP x.x.x.x
_Sidebar
1. Recon
- Ping Sweep: Windows Method
- Ping Sweep: Bash Method
- NetDiscover (ARP Scanning
- Nbtscan
- Ping Sweep: Python Method
- Ping Sweep: PowerShell Method
- Ping Sweep: Nmap method
- HTTP General Notes
- Cross-Site Scripting (XSS)
- SQL Injection (SQLi)
- Deserialization
- Directory Fuzzing
- IDOR Testing
- Intigriti Bug Bounty Tips
- Out of band exploitation
- Server-Side Template Injection (SSTI) Help
- Subdomain Enumeration
- WebFOCUS
- XXE Cheatsheet
- C2 Frameworks
- BloodHound
- Powershell Empire Quick Start Cheatsheet
- Pivoting/Tunneling
- Impacket
- Rubeus
- Mimikatz
- Identifying Hash Types
-
Dumping Hashes
-
- Cracking Hashes Offline
-
- Cracking Hashes Online
-
- Metasploit Meterpreter Migrate Process
- VMWare Port Forwarding
- Veil Simple Usage
- SSH: Generate OpenSSL RSA Key Pair from the Command Line
- Skipfish
- sed & awk: set root password in etc/shadow
- Search for ssh key quickly
- Python Proxy to Burp
- Python Convert .py to .exe
- PuttySCP Commands
- Powershell tidbits
- Password List - Generate quick list
- OS Enumeration - Ping
- Kerberos: Get KDC name and DNS name
- Impacket Scripts Error
- Gcc Compile Windows Executable in Linux
- Find Command: Filter out permission denied errors
- Excel Injection
- Digitally Sign Files (PowerShell Example)
- CSRF Tokens as Cookie Note
- Clear bash
- Burp Intruder Match/Replace
- Apache headers Test
- Windows Trial VMs
- Subdomain Brute Force
- Spawning TTY Shell
- Reserve Shell Cheat Sheet
- Pass-the-Hash
- Common Meterpreter Commands
- gcc & wine
- File Transfers
- Enable RDP - Windows
- DNS Reverse Lookup Brute Force
- Adding Users