SNMP Brute: Fast SNMP brute force, enumeration, CISCO config downloader & password cracking

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time.

Features

• Brute forces both version 1 and version 2c SNMP community strings
• Enumerates information for CISCO devices or if specified for Linux and Windows operating systems.
• Identifies RW community strings
• Tries to download the router config (Metasploit module).
• If the CISCO config file is downloaded, shows the plaintext passwords (Metasploit module) and tries to crack hashed passwords with John the Ripper

Download

Requirement

• metasploit
• snmpwalk
• snmpstat
• john the ripper

Install

git clone https://github.com/SECFORCE/SNMP-Brute.git

Usage

python snmp-brute.py -t [IP]

Options

–help, -h show this help message and exit

–file=DICTIONARY, -f DICTIONARY Dictionary file

–target=IP, -t IP Host IP

–port=PORT, -p PORT SNMP port

Advanced

–rate=RATE, -r RATE Send rate

–timeout=TIMEOUT Wait time for UDP response (in seconds)

–delay=DELAY Wait time after all packets are sent (in seconds)

–iplist=LFILE IP list file

–verbose, -v Verbose output

Automation

–bruteonly, -b Do not try to enumerate – only bruteforce

–auto, -a Non-Interactive Mode

–no-colours No colour output

Operating Systems

–windows Enumerate Windows OIDs (snmpenum.pl)

–linux Enumerate Linux OIDs (snmpenum.pl)

–cisco Append extra Cisco OIDs (snmpenum.pl)

Alternative Options

–stdin, -s Read communities from stdin

–community=COMMUNITY, -c COMMUNITY Single Community String to use

–sploitego Sploitego’s bruteforce method

Source: https://github.com/SECFORCE/