NoThink

"verum scire est scire per causas"

• Home
• Malware network activity
  • DNS network traffic
  • IRC network traffic
  • HTTP network traffic
• Honeypot
  • SSH honeypot
  • Malicious binaries collected
  • Last threats (daily)
• Misc
  • Blacklist
  • Viruswatch

SNMPCHECK

Like to snmpwalk, snmpcheck permits to enumerate information via SNMP protocol.
It allows enumeration (hardware, software, network) of any devices with SNMP protocol support.
It could be useful for penetration testing or systems monitoring.

Distributed under GPL license and based on "Athena-2k" script by jshaw.

Features

snmpcheck supports the following enumerations (in alfabetich order):

contact

description

devices

domain

hardware and storage informations

hostname

IIS statistics

IP forwarding

listening UDP ports

location

motd

mountpoints

network interfaces

network services

processes

routing information

software components

system uptime

TCP connections

total memory

uptime

user accounts

detect write access (separate action by enumeration)

Download

Version: 1.8 - Release 2011/01/23

snmpcheck-1.8.pl

md5 a798d31ec841cd78c89548fceb2209d6
sha1 83e60ceaf66096e402295521a3927cc55450b0bd

Moreover you can use snmpcheck using the Metasploit's module snmp_enum.

Notes

To use snmpcheck you need to install Net::SNMP (a object oriented interface to SNMP), Number::Bytes::Human (convert byte count to human readable format) and Time::HiRes (high resolution alarm, sleep, gettimeofday, interval timers) Perl modules. It is also important to note that you must enable threads support.

A Net::SNMP object can be created such that it has either "blocking" or "non-blocking" properties. By default, the methods used to send SNMP messages do not return until the protocol exchange has completed successfully or a timeout period has expired. This behavior gives the object a "blocking" property because the flow of the code is stopped until the method returns. Regarding very slow enumerations will be show a waiting message. You can also disable the TCP enumeration using the -d option.

Report examples

Microsoft Windows XP

Linux Ubuntu

See also

Router Hacking SNMP 1 from Vivek Ramachandran on Vimeo.

Simple Network Management Protocol

Manpage of snmpwalk

Disclaimer

snmpcheck should not be used against machines you do not own or administrator. This tool might create IDS warnings.
The author can't be held responsible for the use and/or misuse of this program.

Contact

Please send your feedback to Matteo Cantoni matteo.cantoni@nothink.org.