Quick Tutorial: SNMP Enumeration

by AAT Team · Updated January 10, 2024

The Simple Network Management Protocol (SNMP) is the protocol to manage network devices such as printers, switches, routers, hubs, etc.

It uses UDP protocol to operate its functionality. If SNMP devices are not configured securely, attackers may read and change the configurations.

This tutorial covers SNMP enumeration methods and tools that can be used while performing penetration testing.

Table of Contents

What is SNMP?
Prevention
For SNMP enumeration, Kali Linux comes with pre-installed tools
snmpwalk
snmp-check
Conclusion

What is SNMP?

SNMP protocol uses two passwords for authentication: a public key (to view configuration settings) and a private key (to configure network devices).

Hackers and Security Professionals try to get the following methods by SNMP enumeration:

Extract default SNMP passwords
Bruteforce passwords

Nmap has a lot of scripts for the enumeration of SNMP. Use snmp-* to search Nmap scripts in the database. Refer to this cheat sheet of Nmap to learn more commands of Nmap.

ls /usr/share/nmap/scripts | grep snmp-*
nmap --script snmp-* <IP>

Prevention

Always change passwords periodically
Always block access of UDP ports 161
The default password should be changed on the first login
Use SNMPv3 (more recent and secure) for decrypting passwords
Delete or disable SNMP agents on hosts

For SNMP enumeration, Kali Linux comes with pre-installed tools

snmpwalk

Simple tool to get complete information related to SNMP

snmpwalk -c public <IP>

snmp-check

The basic tool to identify information on SNMP devices. It supports the enumeration of hostname, devices, hardware and storage information, contact, description, etc. Below is the basic syntax for the usage of the tool.