This post contains various commands and methods for enumerating the SNMP service. This article will be expanded upon as time goes on.


Using NMAP

Bruteforcing community strings:
sudo nmap -sU -p 161 --script snmp-brute <ipAddr>

Bruteforcing community strings with custom wordlist:
sudo nmap -sU -p 161 --script snmp-brute --script-args snmp-brute.communitiesdb=/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <ipAddr>

Enumerate users on remote machine:
sudo nmap -sU -p 161 --script snmp-win32-users <ipAddr>

Enumerate services on remote machine:
sudo nmap -sU -p 161 --script snmp-win32-services <ipAddr>

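Run all SNMP-related Nmap scripts (quote the wildcard so the shell does not expand it; the nmap/ output directory must already exist):
sudo nmap -sU -p 161 --script "snmp-*" <ipAddr> -oG nmap/snmp.txt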


Using SNMPWALK

Enumerate SNMPv2c with a community string of public:
snmpwalk -v2c -c public <ipAddr>

To search for installed software:
snmpwalk -v2c -c public <ipAddr> hrSWInstalledName

To query the amount of RAM on the host:
snmpwalk -v2c -c public <ipAddr> hrMemorySize

Note: There are additional OIDs that you can provide to enumerate specific information.


Using ONESIXTYONE

To brute-force communities:
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt <ipAddr>


Using SNMPSET

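To change an OID to a different value (the community string must have write access; <type> is the value type, e.g. s for a string):
snmpset -v2c -c public <ipAddr> <OID> <type> <newValue>

To change the sysContact OID:
snmpset -v2c -c public <ipAddr> sysContact.0 s <newValue>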
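

A defender-side check for the settings the commands above rely on, as an added example that is not part of the original post: it scans a net-snmp snmpd.conf for guessable community strings, communities open to any source address, and write-enabled communities. The sample config and the weak-name list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag snmpd.conf entries that the
# community brute-force, snmpwalk and snmpset commands on this page depend on.

# Constructed sample config, for demonstration only.
sample_snmpd_conf() {
cat <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Zq7-monitoring-ro 192.0.2.10
com2sec notConfigUser default public
EOF
}

# Reads a net-snmp snmpd.conf from the given file (or stdin) and prints findings.
audit_snmpd_conf() {
    awk '
    BEGIN {
        # Assumed short list of guessable names; extend it from your own wordlist.
        n = split("public private community manager admin snmp", w, " ")
        for (k = 1; k <= n; k++) weak[w[k]] = 1
    }
    /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
    {
        d = $1; comm = ""; src = ""; rw = 0
        if (d ~ /^r[ow]community6?$/) {
            # rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
            comm = $2; src = (NF >= 3 ? $3 : "default"); rw = (d ~ /^rw/)
        } else if (d ~ /^com2sec6?$/) {
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            i = 2; if ($i == "-Cn") i += 2
            src = $(i + 1); comm = $(i + 2)
        } else next
        lc = tolower(comm)
        anysrc = (src == "default" || src == "0.0.0.0/0" || src == "::/0")
        if (lc in weak)
            printf "%d: WEAK_COMMUNITY %s (%s)\n", NR, comm, d
        if (anysrc)
            printf "%d: ANY_SOURCE %s answers any address\n", NR, d
        if (rw)
            printf "%d: WRITE_ACCESS %s permits snmpset over v1/v2c\n", NR, d
    }' "$@"
}

sample_snmpd_conf | audit_snmpd_conf
```

Run it against a real file with `audit_snmpd_conf /etc/snmp/snmpd.conf`; each finding is prefixed with the config line number.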