Pentesting SNMP

SNMP uses UDP ports 161 (agent queries) and 162 (traps) by default.

  • Commands: read, write, trap and traversal (walk).
  • SNMP community strings
  • A community string acts like a username or password that grants access to the managed device.
  • There are three kinds of community string: (1) read-only, (2) read-write and (3) trap.
  • In SNMPv3 the community string is replaced by username and password authentication.
  • SNMPv1/v2c devices commonly ship with factory-default strings: the read-only string set to public and the read-write string set to private.
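As an added example (not part of the original page), a small Python audit that reads an snmpd.conf in Net-SNMP `rocommunity`/`rwcommunity` syntax and flags the weak settings described above: factory-default community strings, communities open to any source host, and read-write access exposed over v1/v2c. The sample configuration text is constructed.

```python
from typing import List, Tuple

# Constructed sample snmpd.conf (Net-SNMP directive syntax); not from any real host.
SAMPLE_SNMPD_CONF = """\
# constructed example for the audit below
rocommunity public default
rwcommunity private
rocommunity s3cret-ro 10.0.0.0/8 -V systemonly
rwuser admin priv
"""

# Factory-default strings named on the page.
DEFAULT_STRINGS = {"public", "private"}
# v1/v2c community directives and the access level each grants.
DIRECTIVES = {"rocommunity": "read-only", "rwcommunity": "read-write",
              "rocommunity6": "read-only", "rwcommunity6": "read-write"}


def audit_snmpd_conf(text: str) -> List[Tuple[int, str]]:
    """Return (line_no, finding) pairs for weak v1/v2c community settings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive not in DIRECTIVES or not args:
            continue  # v3 rouser/rwuser and other directives are not audited here
        access, community = DIRECTIVES[directive], args[0]
        # SOURCE is optional; omitted or "default" means any host may query.
        has_source = len(args) > 1 and not args[1].startswith("-")
        source = args[1] if has_source else "default"
        if community.lower() in DEFAULT_STRINGS:
            findings.append((no, f"{access} community uses factory-default string '{community}'"))
        if source == "default":
            findings.append((no, f"{access} community '{community}' accepts any source host"))
        if access == "read-write":
            findings.append((no, f"read-write access over v1/v2c community '{community}' (sent in cleartext)"))
    return findings


if __name__ == "__main__":
    for line_no, msg in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"line {line_no}: {msg}")
```

Running it on the constructed config reports five findings on lines 2 and 3 and none for the source-restricted read-only community or the v3 user.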

Onesixtyone

  • Onesixtyone is a fast tool for brute-forcing SNMP community strings; it takes advantage of SNMP being a connectionless (UDP) protocol.
  • Onesixtyone requires two arguments: a file containing the list of community strings to try and the target host IP address.
  • You can also provide a file of host IP addresses to scan with the -i option.
onesixtyone    # show the help menu
onesixtyone -c snmp_community_strings_wordlist_onesixtyone.txt -p 161 192.168.43.161
  • Location of wordlists:
/usr/share/wordlists/seclists/Discovery/SNMP

Snmpwalk

  • Snmpwalk queries MIB values to retrieve information about the managed device, but at a minimum it requires a valid SNMP read-only community string.
  • To run snmpwalk with the default community string 'public' against an SNMPv1 device, use the following command:
snmpwalk -c public -v1 [target host]
  • You can also request a single object ID (OID) value with the following command:
snmpwalk -c public -v1 [target host] [OID]
  • Nmap SNMP scripts; list the ones installed with:
ls -l /usr/share/nmap/scripts/snmp*