SNMP (Simple Network Management Protocol)

Description

The Simple Network Management Protocol is used to remotely manage devices. It can be used to configure or to check the configuration of a host.

By design, this service is a great source of information during information gathering and can also serve privilege escalation in a network.

Enumeration

sudo nmap -sU -p 161 --script="snmp*" -oX ./nmap/snmp.xml "$IP"

Note that one of the scripts nmap will run is snmp-brute, which brute-forces community strings. To use a wordlist other than the default, use:

sudo nmap -sU -p 161 --script="snmp*" --script-args snmp-brute.communitiesdb="$WORDLIST" -oX ./nmap/snmp.xml "$IP"

Also note that this nmap command will output a lot of information. Do not underestimate the importance of thoroughly inspecting the output, which can contain crucial information on a target.
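To make that review systematic, the following added example (not part of the original notes) parses the XML written by -oX and lists which scripts produced output on 161/udp and which community strings snmp-brute reported as accepted. The sample XML is constructed, and the "Valid credentials" line format is assumed from snmp-brute's documented output.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output (not from a real scan);
# 192.0.2.10 is a documentation-only address.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open"/>
        <script id="snmp-brute" output="&#10;  public - Valid credentials&#10;  private - Valid credentials"/>
        <script id="snmp-sysdescr" output="Linux demo 5.10 (constructed)"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def snmp_findings(xml_text):
    """Return {host: {script_id: output}} for every script that ran on 161/udp."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.get("protocol") != "udp" or port.get("portid") != "161":
                continue
            for script in port.findall("script"):
                output = script.get("output", "").strip()
                findings.setdefault(addr, {})[script.get("id")] = output
    return findings

def valid_communities(findings):
    """Extract community strings that snmp-brute marked as valid, per host."""
    result = {}
    for addr, scripts in findings.items():
        for line in scripts.get("snmp-brute", "").splitlines():
            # Assumed line format: "<community> - Valid credentials"
            name, sep, status = line.strip().rpartition(" - ")
            if sep and status == "Valid credentials":
                result.setdefault(addr, []).append(name)
    return result

if __name__ == "__main__":
    found = snmp_findings(SAMPLE_XML)
    for addr, scripts in found.items():
        print(addr, "scripts with output:", sorted(scripts))
    print("accepted community strings:", valid_communities(found))
```

To run it against a real scan, pass the contents of ./nmap/snmp.xml to snmp_findings instead of SAMPLE_XML.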

Exploitation