• About Me
  • Impressum
  • Privacy
  • Status Page

№42

... it's better to have good questions

Scanning for SNMP communities

March 2, 2018 2 min read Ronny Trommer

Adding devices into monitoring system is easy. Getting all the right SNMP communities for them is harder. People don’t give you the right community string or forget to open firewall ports.

If you have to test a lot of IP’s against various IP addresses you can use nmap and a community list file as an input.

Be aware you talk about permission to run this test otherwise somebody can get angry when you try to brute-force community strings against their devices.

Create a file with the communities you want to test, in this example we call it snmpcommunities.lst.

indigo@blinky ~ cat snmpcommunities.lst
wtfgoaway
public

Scan a network with the community strings goes like this:

sudo nmap -sU -p161 --script snmp-brute 172.24.23.0/24 \
  --script-args snmp-brute.communitiesdb=./snmpcommunities.lst

The output is a list with IP addresses and the working SNMP communities:

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-02 16:57 CET
Nmap scan report for 172.24.23.100
Host is up (0.061s latency).

PORT    STATE SERVICE
161/udp open  snmp
| snmp-brute:
|_  wtfgoaway - Valid credentials
MAC Address: 0E:29:0C:FE:50:89 (Unknown)

Nmap scan report for 172.24.23.101
Host is up (0.060s latency).

PORT    STATE SERVICE
161/udp open  snmp
| snmp-brute:
|_  wtfgoaway - Valid credentials
MAC Address: 0E:29:0C:8A:2B:8A (Unknown)

Nmap scan report for 172.24.23.103
Host is up (0.056s latency).

PORT    STATE         SERVICE
161/udp open|filtered snmp
MAC Address: 0E:29:0C:F0:BD:95 (Unknown)

Nmap scan report for 172.24.23.104
Host is up (0.038s latency).

PORT    STATE SERVICE
161/udp open  snmp
| snmp-brute:
|_  wtfgoaway - Valid credentials
MAC Address: 0E:29:0C:CF:57:16 (Unknown)

Nmap scan report for 172.24.23.106
Host is up (0.073s latency).

PORT    STATE SERVICE
161/udp open  snmp
| snmp-brute:
|_  wtfgoaway - Valid credentials
MAC Address: 0E:29:0C:FB:A7:C4 (Unknown)

Nmap scan report for 172.24.23.3
Host is up (0.087s latency).

PORT    STATE SERVICE
161/udp open  snmp
| snmp-brute:
|_  public - Valid credentials

Nmap done: 256 IP addresses (6 hosts up) scanned in 15.44 seconds

If you want to use this information in other applications or scripts you can create an XML output with adding -oX snmp-result.xml.

Snmp Docker Monitoring
Latest posts
  • Why You Should Care About Your Release Notes
  • How Docker Broke the Internet for Me
  • macOS with Apple Silicon and x86-64-v3 support
  • Streaming telemetry with gNMI
  • Go away or I replace you with a Makefile
  • SNMP Proxy ... wait what?
  • Hackathon on BGP monitoring using BMP in OpenNMS
  • Dealing with secrets in OpenNMS Horizon
  • Building container images for OpenNMS
  • Hello Containerlab with Orbstack
Categories
  • OpenNMS (27)
  • Technology (26)
  • How-To (23)
  • Monitoring (13)
  • Container (8)
  • Tutorial (8)
  • Events (6)
  • Open-Source (6)
  • BGP (2)
  • Networking (2)
Social media
© 2025 made in 🇪🇺 by Ronny Trommer with ❤️ for Open Source
Bilberry Hugo Theme