Nmap scan for SNMP
sudo nmap -sU --open -p 161 X.X.X.1-254 -oG open-snmp.txt
Bruteforce an IP range using community strings
echo public > community echo private >> community echo manager >> community for ip in $(seq 1 254); do echo X.X.X.$ip; done > ips onesixtyone -c community -i ips
Windows Enumerating the Entire MIB Tree
snmpwalk -c public -v1 -t 10 <TARGET IP>
Enumerating Windows Users
snmpwalk -c public -v1 <TARGET IP> 1.3.6.1.4.1.77.1.2.25
Enumerating Running Windows Processes
snmpwalk -c public -v1 <TARGET IP> 1.3.6.1.2.1.25.4.2.1.2
Enumerating Open TCP Ports
snmpwalk -c public -v1 <TARGET IP> 1.3.6.1.2.1.6.13.1.3
Enumerating Installed Software
snmpwalk -c public -v1 <TARGET IP> 1.3.6.1.2.1.25.6.3.1.2
Enumerate the hole tree
snmp-check <TARGET IP> -c public