SNMP (Simple Network Management Protocol) Pentesting

Last modified: 2022-12-22


SNMP is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks, and for modifying that information to change device behavior. It runs over UDP, and the default port is 161.


nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script "snmp*" -p 161 <target-ip>


snmp-check is an SNMP enumerator.

# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public

If the community name is unknown, brute force it.

Brute Force the Community Names

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp

onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>
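
The wordlist guessing above succeeds when an agent still uses a default community name, so the defensive counterpart is to audit the agent configuration for them. The script below is an added example, not part of the original page: it assumes Net-SNMP's snmpd.conf directives (rocommunity, rwcommunity, com2sec), and the WEAK set, SAMPLE_CONF and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of well-known defaults; in practice load a full wordlist.
WEAK = {"public", "private", "community", "snmp", "manager", "admin", "cisco"}
DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """\
# constructed snmpd.conf
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Xk3-mon-7fQ2 192.0.2.10
com2sec notConfigUser default public
rocommunity6 snmp ::1
"""

def is_open(source):
    """True if the source restriction is missing or matches every address."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname or other form: treated as a restriction

def audit(conf_text):
    """Return (line number, directive, community, issues) per risky line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        name, args = tok[0].lower(), tok[1:]
        if name in DIRECTIVES and args:
            community, source = args[0], (args[1] if len(args) > 1 else None)
        elif name == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = args[2:] if args[:1] == ["-Cn"] else args
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        issues = []
        if community.lower() in WEAK:
            issues.append("guessable community")
        if is_open(source):
            issues.append("no source restriction")
        if issues and name.startswith("rw"):
            issues.append("write access")  # raises the impact of the finding
        if issues:
            findings.append((lineno, name, community, issues))
    return findings
```

Call audit() on the contents of the agent's snmpd.conf and review every returned line; entries tagged "write access" deserve attention first.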