This repository contains a Python script to help discover and enumerate devices that are potentially vulnerable to SNMP (Simple Network Management Protocol) misconfigurations or default community strings. By leveraging onesixtyone for scanning and snmpwalk for information gathering, the script attempts to pull various OIDs (object identifiers) from targets to reveal system details, running processes, storage, software, and more.
Disclaimer
This tool is intended for authorized security testing and research purposes only. Always obtain proper permission before scanning or enumerating any systems.
- Community String Discovery: Uses onesixtyone to quickly identify valid SNMP community strings.
- Enumeration of Common OIDs: Enumerates system processes, running programs, process paths, storage units, software names, user accounts, and TCP local ports.
- Automatic Detection of Vulnerable Hosts: The script identifies which IP addresses have open SNMP and attempts to gather data from them.
- Easy to Use: Just feed a file containing your target IP addresses, and the script does the rest.
- Cross-Platform: Works on Linux, macOS, and Windows (with minimal changes and the right dependencies).
- Python 3
  Ensure Python 3 is installed. Run python3 --version or python --version (depending on your OS) to confirm.
- onesixtyone
  - Linux:
      sudo apt-get update
      sudo apt-get install -y onesixtyone
  - Other platforms: Visit the onesixtyone GitHub or your OS package manager.
- snmpwalk
  - Linux:
      # For Red Hat/Fedora/CentOS:
      sudo yum install net-snmp-utils
      # For Ubuntu/Debian:
      sudo apt-get install snmp
- Python Packages
  - None beyond the standard library (the script uses only built-in Python modules).
- Community File
  - You must have a file named community in the same directory as the script, containing the SNMP community strings you want to test (e.g. public, private, etc.).
- Clone this repository:
    git clone https://github.com/sangleshubham/SNMP-Enumeration-and-Exploitation.git
- Enter the directory:
    cd SNMP-Enumeration-and-Exploitation/
- Create a file (e.g., targets.txt) containing the IP addresses you want to test, one per line:
    192.168.1.10
    192.168.1.20
    10.0.0.5
    ...
- Update community file with the SNMP community strings you want to try (e.g., public, private, etc.). This file should be in the same folder as the script.
- Run the script by providing the file with IPs as an argument:
    python3 snmp_enumeration_script.py targets.txt
- Check output:
  - The script will call onesixtyone to identify valid community strings for each IP.
  - Then it will run snmpwalk on each found community/IP pair to gather system info (processes, open ports, software, etc.).
Found IP's:
public 192.168.1.10
private 10.0.0.5
Starting Enumeration:
IP: 192.168.1.10
Community: public
System Processes :
iso.3.6.1.2.1.25.1.6.0 = 120
Running Programs :
iso.3.6.1.2.1.25.4.2.1.2.1001 = "MyProcess"
...
IP: 10.0.0.5
Community: private
...
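For tracking remediation after an authorized assessment, the console output above can be grouped into one record per host. The following is an added example, not code from this repository: the function names `parse_report` and `remediation_summary` are hypothetical, the sample text is constructed, and the parser assumes the output layout shown above.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the output format shown above (not real scan data).
SAMPLE_OUTPUT = """\
Found IP's:
public 192.168.1.10
private 10.0.0.5
Starting Enumeration:
IP: 192.168.1.10
Community: public
System Processes :
iso.3.6.1.2.1.25.1.6.0 = 120
Running Programs :
iso.3.6.1.2.1.25.4.2.1.2.1001 = "MyProcess"
IP: 10.0.0.5
Community: private
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # the default strings named on this page
OID_LINE = re.compile(r"^(\S+) = (.*)$")     # snmpwalk line: "<oid> = <value>"

def parse_report(text):
    """Group the script's console output into one finding record per host."""
    hosts = {}
    new = lambda: {"communities": set(), "data": defaultdict(list)}
    current = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "..." or line.startswith("Found IP") or line.endswith("Enumeration:"):
            continue
        if line.startswith("IP:"):            # start of a per-host block
            current = hosts.setdefault(line.split(":", 1)[1].strip(), new())
            category = None
        elif line.startswith("Community:") and current is not None:
            current["communities"].add(line.split(":", 1)[1].strip())
        elif (m := OID_LINE.match(line)) and current is not None and category:
            current["data"][category].append((m.group(1), m.group(2).strip('"')))
        elif line.endswith(":") and current is not None:
            category = line[:-1].strip()      # e.g. "System Processes :"
        elif current is None and len(line.split()) == 2:
            community, ip = line.split()      # "Found IP's" entry: "<community> <ip>"
            hosts.setdefault(ip, new())["communities"].add(community)
    return hosts

def remediation_summary(hosts):
    """Rows of (ip, default communities accepted, categories that returned data)."""
    return [(ip, sorted(h["communities"] & DEFAULT_COMMUNITIES), sorted(h["data"]))
            for ip, h in sorted(hosts.items())]
```

Each row names a host that accepted a default community string and the kinds of data it disclosed, which is the list to work through when changing community strings or restricting SNMP access.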
The script consists of the following main parts:
- enum_dict: A dictionary mapping descriptive names to SNMP OIDs for system processes, running programs, storage, user accounts, etc.
- gathering_info(com, ip):
  - Performs snmpwalk with the given community (com) and IP address (ip) for each OID in enum_dict.
  - Prints the raw output lines containing the matched OIDs.
- looping(ips):
  - Iterates over discovered community/IP pairs, calling gathering_info for each.
- Main execution flow:
  - Reads the IP file from user-supplied command-line argument.
  - Runs onesixtyone to detect valid community strings for each IP.
  - Logs each vulnerable IP, then calls looping to enumerate details.
This project is open-source under the MIT License. However, usage of the tool is governed by relevant local laws and regulations. Always operate responsibly and with explicit permission when performing security testing.
Happy SNMP Enumeration! 😁