Information Gatheringsnmpenumerationnetworkpentestmonitoring

snmpcheck

SNMP service enumeration tool that enumerates SNMP devices and outputs results in a human-readable format, similar to snmpwalk. Useful for penetration testing or systems monitoring.

Description

snmpcheck is an SNMP device enumerator designed to scan and gather detailed information from target hosts via SNMP protocols. It retrieves system details such as hostname, description, contact, location, uptime, and system date, along with network information, interfaces, IP addresses, routing, TCP connections, listening ports, and more. The output is formatted for easy readability, making it accessible for quick analysis.

In penetration testing scenarios, snmpcheck helps identify exposed SNMP services using default or known community strings, potentially revealing sensitive network configurations. For systems monitoring, it provides a structured view of device status and connectivity. The tool supports SNMPv1 and SNMPv2c, with options to customize port, community, version, and other parameters.

It operates by connecting to the target SNMP service and systematically querying various OIDs to compile comprehensive enumeration data.

How It Works

snmpcheck connects to the target host on SNMP port 161 using specified community string and version (v1 or v2c). It performs enumeration by querying SNMP OIDs for system information, network details, interfaces, IP addresses, routing tables, TCP/UDP listening ports, and connections. Output is organized into readable sections; write access detection and TCP enumeration are optional.

Installation

bash

sudo apt install snmpcheck

Flags

-p --portSNMP port. Default port is 161

-c --communitySNMP community. Default is public

-v --versionSNMP version (1,2c). Default is 1

-w --writedetect write access (separate action by enumeration)

-d --disable_tcpdisable TCP connections enumeration

-t --timeouttimeout in seconds. Default is 5

-r --retriesrequest retries. Default is 1

-i --infoshow script version

-h --helpshow help menu

Examples

Scan the target host (192.168.1.2) using the public SNMP community string

snmp-check 192.168.1.2 -c public

Scan target using default community 'public', SNMPv1, and port 161

snmp-check 192.168.1.2

Scan target using custom community string 'private'

snmp-check 192.168.1.2 -c private

Scan target using SNMPv2c and community 'public'

snmp-check 192.168.1.2 -v 2c -c public

Scan target on non-default SNMP port 1161 with community 'public'

snmp-check 192.168.1.2 -p 1161 -c public

Scan target and detect write access with community 'public'

snmp-check 192.168.1.2 -w -c public

Scan target without TCP connections enumeration

snmp-check 192.168.1.2 -d -c public

Updated 2026-04-16kali.org ↗