SNMPBrute is an SNMP brute force, enumeration, CISCO config downloader and password cracking script. It listens for any responses to the brute force community strings, effectively minimising wait time.

• Brute forces both version 1 and version 2c SNMP community strings
• Enumerates information for CISCO devices or if specified for Linux and Windows operating systems.
• Identifies RW community strings
• Tries to download the router config (Metasploit module).
• If the CISCO config file is downloaded, shows the plaintext passwords (Metasploit module) and tries to crack hashed passwords with John the Ripper

python snmp-brute.py -t [IP]

Options:

--help, -h                Show this help message and exit
 
 --file=DICTIONARY,        Dictionary file
 -f DICTIONARY
 
 --target=IP, -t IP        Host IP
 
 --port=PORT, -p PORT      SNMP port

Advanced:

--rate=RATE, -r       RATE Send rate
 
 --timeout=TIMEOUT     Wait time for UDP response (in seconds)
 
 --delay=DELAY         Wait time after all packets are send (in seconds)
 
 --iplist=LFILE        IP list file
 
 --verbose, -v         Verbose output
 

Automation:

--bruteonly, -b  Do not try to enumerate - only bruteforce
 
 --auto, -a       Non Interactive Mode
 
 --no-colours     No colour output
 

Operating Systems:

--windows       Enumerate Windows OIDs (snmpenum.pl)
 
 --linux         Enumerate Linux OIDs (snmpenum.pl)
 
 --cisco         Append extra Cisco OIDs (snmpenum.pl)
 

Alternative Options:

--stdin, -s               Read communities from stdin
 
 --community=COMMUNITY,    Single Community String to use
  -c COMMUNITY 
 
 --sploitego               Sploitego's bruteforce method