SNMP (Simple Network Management Protocol) Pentesting

Last modified: 2024-01-26

Network

SNMP is an Internet standard protocol for collecting and organizing information about managed devices on IP networks, and for modifying that information to change device behavior. It runs over UDP, and the default port is 161.

Enumeration

nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script "snmp*" -p 161 <target-ip>

# For SNMP v1
# -c: Community name
snmpwalk -v1 -c public -m ALL <ip>:<port>
# For SNMP v2c
snmpwalk -v2c -c public -m ALL <ip>:<port>
# For SNMP v3
# -l: Security level. 'noAuthNoPriv', 'authNoPriv', 'authPriv'.
# -u: Security name (username). SNMP v3 does not use community names.
snmpwalk -v3 -l noAuthNoPriv -u <username> -m ALL <ip>:<port>

# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public

Brute Force the Community Names

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp

onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>

Configuration Files

cat /etc/snmp/snmpd.conf
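
When reviewing that file, the lines that matter are the ones the commands above depend on: well-known community names, communities accepted from any source, write communities, and SNMP v3 users allowed at noAuthNoPriv. The check below is an added example, not part of the original page; the function name audit_snmpd_conf and the WEAK list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit an snmpd.conf for settings
# that default-community enumeration and community guessing succeed against.
# audit_snmpd_conf and the WEAK list are hypothetical names/values.

WEAK='public private'   # assumed sample of well-known community names

audit_snmpd_conf() {
    # $1: path to snmpd.conf. Prints one finding per line as "line:message".
    # Returns 0 when the file is clean, 1 when at least one finding exists.
    awk -v weak="$WEAK" '
    function report(msg) { print NR ":" msg; found = 1 }
    function check(comm, src, kind) {
        if (index(" " weak " ", " " tolower(comm) " "))
            report("well-known community \"" comm "\"")
        if (src == "" || src == "default")
            report("community \"" comm "\" accepted from any source")
        if (kind == "rw")
            report("community \"" comm "\" grants write access")
    }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    { d = tolower($1) }
    d ~ /^rocommunity6?$/ { check($2, $3, "ro") }
    d ~ /^rwcommunity6?$/ { check($2, $3, "rw") }
    d ~ /^com2sec6?$/ {
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        # Access rights come from separate access/view lines, not checked here.
        i = ($2 == "-Cn") ? 4 : 2
        check($(i + 2), $(i + 1), "ro")
    }
    d ~ /^r[ow]user$/ {
        # r[ow]user [-s SECMODEL] USER [noauth|auth|priv ...]
        u = ($2 == "-s") ? 4 : 2
        if (tolower($(u + 1)) == "noauth")
            report("SNMPv3 user \"" $u "\" allowed at noAuthNoPriv")
    }
    END { exit found + 0 }
    ' "$1"
}
```

Run it as audit_snmpd_conf /etc/snmp/snmpd.conf; a non-zero exit status means at least one finding was printed.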