SNMP
Simple Network Management Protocol
SNMP runs on UDP port 161 and exposes information about a system, but the agent only responds if you supply the correct community string.
Brute forcing the community string:
onesixtyone -c /usr/share/metasploit-framework/data/wordlists/snmp-default-pass.txt <IP>
Note: You will likely want to find a better wordlist.
Getting the data dump:
snmpwalk -Os -v1 -c <communitystring> <IP> > snmpout.txt
Flags:
-v1 specifies SNMP version 1
This also gives some (but less) info:
Metasploit -> auxiliary/scanner/snmp/snmp_enum
Things to grep from the datadump:
System uname (.1.3.6.1.2.1.1.1.0) - System's hardware type, software operating-system, and networking software.
trap - To find other community strings (under "traphost").
fail - Finding failed login attempts from logs (telnet or ssh for example, not all devices log these login attempts but some do).
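Added example (not from the original page): a small Python parser for the snmpwalk -Os dump that groups records under the three grep targets above and keeps multi-line values attached to their OID, which a line-based grep splits apart. The sample dump, host name, addresses and the enterprises.99999 OID are constructed for illustration.

```python
import re

# Constructed sample of `snmpwalk -Os -v1` output (not from a real device).
SAMPLE_DUMP = '''\
sysDescr.0 = STRING: Linux demo-host 5.10.0-example #1 SMP x86_64
sysUpTimeInstance = Timeticks: (123456) 0:20:34.56
sysContact.0 = STRING: admin@example.invalid
sysLocation.0 = ""
hrSWRunParameters.530 = STRING: "--traphost 192.0.2.10 --community constructed-string"
enterprises.99999.1.1 = STRING: "login failed for user demo
 from 192.0.2.77 via telnet"
ifDescr.1 = STRING: lo
'''

# One record per "name = TYPE: value". Empty strings are printed as `name = ""`
# with no type, so the type part is optional.
RECORD = re.compile(r'^(?P<oid>[\w.\-:]+) = (?:(?P<type>[\w\-]+): ?)?(?P<value>.*)$')

def parse_walk(text):
    """Return (oid, type, value) tuples; continuation lines are folded into the previous value."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append([m['oid'], m['type'] or '', m['value']])
        elif records:  # a quoted STRING that wrapped onto the next line
            records[-1][2] += '\n' + line
    return [tuple(r) for r in records]

def review(records):
    """Group records under the page's three grep targets: sysDescr, trap, fail."""
    hits = {'sysDescr': [], 'trap': [], 'fail': []}
    for oid, _type, value in records:
        if oid in ('sysDescr.0', '.1.3.6.1.2.1.1.1.0', 'iso.3.6.1.2.1.1.1.0'):
            hits['sysDescr'].append(value)
        blob = (oid + ' ' + value).lower()
        for word in ('trap', 'fail'):
            if word in blob:
                hits[word].append((oid, value))
    return hits

if __name__ == '__main__':
    for key, found in review(parse_walk(SAMPLE_DUMP)).items():
        print(key, found)
```

Running the same review against a dump of your own device shows what anyone holding the community string can read, including trap destinations and logged login failures.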
Getting ipv6 addresses (if any) from the data dump:
python enyx.py version communitystring IP
Unique local (Link Local/Local Unicast) is probably the output you’re looking for. It will return loopback as well afaik.