This post contains various commands and methods for enumerating the SNMP service. This article will be expanded upon as time goes on.
Using NMAP
Brute-forcing community strings:
    sudo nmap -sU -p 161 --script snmp-brute <ipAddr>
Brute-forcing community strings with a custom wordlist:
    sudo nmap -sU -p 161 --script snmp-brute --script-args snmp-brute.communitiesdb=/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <ipAddr>
Enumerate users on the remote machine:
    sudo nmap -sU -p 161 --script snmp-win32-users <ipAddr>
Enumerate services on the remote machine:
    sudo nmap -sU -p 161 --script snmp-win32-services <ipAddr>
Run all SNMP-related Nmap scripts (the pattern is quoted so the shell does not expand it):
    sudo nmap -sU -p 161 --script "snmp-*" <ipAddr> -oG nmap/snmp.txt
Using SNMPWALK
Enumerate SNMPv2c with a community string of public:
    snmpwalk -v2c -c public <ipAddr>
To list installed software:
    snmpwalk -v2c -c public <ipAddr> hrSWInstalledName
To query the amount of RAM on the host:
    snmpwalk -v2c -c public <ipAddr> hrMemorySize
Note: There are additional OIDs that you can provide to enumerate specific information.
Using ONESIXTYONE
To brute-force communities:
    onesixtyone -c /usr/share/doc/onesixtyone/dict.txt <ipAddr>
Using SNMPSET
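To change an OID to a different value (the community string must have write access; <type> is the value type, for example s for a string):
    snmpset -v2c -c public <ipAddr> <OID> <type> <newValue>
To change the sysContact OID:
    snmpset -v2c -c public <ipAddr> sysContact.0 s <newValue>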
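
The brute-force and SNMPSET commands above only succeed when an agent accepts a guessable community string, and for writes a read-write one. The following Python check is an added example, not part of the original post: it flags those settings in a Net-SNMP snmpd.conf. The function name, the short weak-name list and the sample configuration are assumptions constructed for illustration.

```python
import shlex

# Names tried first by community-string wordlists (short constructed list).
WEAK = {"public", "private", "community", "snmp", "manager", "admin"}
# Net-SNMP accepts any source when SOURCE is omitted or set to "default".
ANY_SOURCE = {None, "default", "0.0.0.0/0", "::/0"}
ACCESS = {"rocommunity": "read-only", "rwcommunity": "read-write",
          "rocommunity6": "read-only", "rwcommunity6": "read-write"}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) for risky v1/v2c community lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        name = tok[0].lower()
        if name in ACCESS and len(tok) >= 2:
            # rocommunity/rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            community = tok[1]
            source = tok[2] if len(tok) >= 3 else None
            access = ACCESS[name]
        elif name == "com2sec" and len(tok) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            community, source, access = tok[-1], tok[-2], "com2sec-mapped"
        else:
            continue
        writable = access == "read-write"
        if community.lower() in WEAK:
            findings.append((no, "HIGH" if writable else "MEDIUM",
                             f"guessable {access} community '{community}'"))
        if source in ANY_SOURCE:
            findings.append((no, "HIGH" if writable else "LOW",
                             f"{access} community '{community}' accepted from any source"))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# snmpd.conf (constructed)
rocommunity public
rwcommunity private default
rocommunity  m0n1t0r-7f3a  10.0.5.10
com2sec notConfigUser default public
rouser authPrivUser priv
"""

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: [{sev}] {msg}")
```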