# 第二十课：基于snmp发现内网存活主机

## SNMP简介：

SNMP是一种简单网络管理协议，它属于TCP/IP五层协议中的应用层协议，用于网络管理的协议。SNMP主要用于网络设备的管理。SNMP协议主要由两大部分构成：SNMP管理站和SNMP代理。SNMP管理站是一个中心节点，负责收集维护各个SNMP元素的信息，并对这些信息进行处理，最后反馈给网络管理员；而SNMP代理是运行在各个被管理的网络节点之上，负责统计该节点的各项信息，并且负责与SNMP管理站交互，接收并执行管理站的命令，上传各种本地的网络信息。

## nmap扫描：

```bash
root@John:~# nmap -sU --script snmp-brute 192.168.1.0/24 -T4
```

![](/files/-LZJwqc1oK-rOHr0CsO-)

## msf扫描：

```bash
msf > use auxiliary/scanner/snmp/snmp_enum
```

![](/files/-LZJwqc34Anqhvap8MY1)

项目地址：\
<https://www.mcafee.com/us/downloads/free-tools/snscan.aspx>\
依然是一块macafee出品的攻击\
![](/files/-LZJwqc54EmUAH-NmHnA)

## NetCrunch：

项目地址：\
<https://www.adremsoft.com/demo/>\
内网安全审计工具，包含了DNS审计，ping扫描，端口，网络服务等。\
![](/files/-LZJwqc7l4kwrCS75aQx)

## snmp for pl扫描：

项目地址：\
<https://github.com/dheiland-r7/snmp>

![](/files/-LZJwqc9Y2AAiwi-KFDs)

![](/files/-LZJwqcBFmL_Ys3oqDG2)

## 其他扫描：

snmpbulkwalk：\
![](/files/-LZJwqcDXEsSKj0-YQe9)

snmp-check：\
![](/files/-LZJwqcFmkuZH0e8uyAV)

snmptest：\
![](/files/-LZJwqcHUCDGXG3lDJXw)

## 附录：

```bash
use auxiliary/scanner/snmp/aix_version use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/snmp/arris_dg950
use auxiliary/scanner/snmp/snmp_enum_hp_laserjet
use auxiliary/scanner/snmp/brocade_enumhash use auxiliary/scanner/snmp/snmp_enumshares 
use auxiliary/scanner/snmp/cambium_snmp_loot use auxiliary/scanner/snmp/snmp_enumusers
use auxiliary/scanner/snmp/cisco_config_tftp use auxiliary/scanner/snmp/snmp_login
use auxiliary/scanner/snmp/cisco_upload_file use auxiliary/scanner/snmp/snmp_set
use auxiliary/scanner/snmp/netopia_enum
use auxiliary/scanner/snmp/ubee_ddw3611 
use auxiliary/scanner/snmp/sbg6580_enum
use auxiliary/scanner/snmp/xerox_workcentre_enumusers
```

其他内网安全审计工具（snmp）：\
项目地址：<https://www.solarwinds.com/topics/snmp-scanner>\
项目地址：<https://www.netscantools.com/nstpro_snmp.html>

## snmp for pl ：

Can't locate NetAddr/IP\
![](/files/-LZJwqcJeiQCAxHpiqJv)

```bash
root@John:~/Desktop/snmp# wget http://www.cpan.org/modules/by-module/NetAddr/NetAddr-IP-4.078.tar.gz
```

![](/files/-LZJwqcLXIRG9gTlA7-J)

```bash
root@John:~/Desktop/snmp# tar xvzf ./NetAddr-IP-4.078.tar.gz
```

![](/files/-LZJwqcNQC24T0FHLERX)

```bash
root@John:~/Desktop/snmp# cd NetAddr-IP-4.078/
root@John:~/Desktop/snmp/NetAddr-IP-4.078# ls
About-NetAddr-IP.txt Artistic Changes 
Copying docs IP.pm Lite Makefile.PL 
MANIFEST MANIFEST.SKIP META.yml t TODO
root@John:~/Desktop/snmp/NetAddr-IP-4.078# perl Makefile.PL
```

![](/files/-LZJwqcPj6tHgtCzkWsN)

```bash
root@John:~/Desktop/snmp/NetAddr-IP-4.078# make
```

![](/files/-LZJwqcRKDQcjnXPehyG)

```bash
root@John:~/Desktop/snmp/NetAddr-IP-4.078# make install
```

![](/files/-LZJwqcT9sFGlYY0cI7H)

\> \_ < !!\
![](/files/-LZJwqcVudv4ixotjV1_)

> Micropoor


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://micro8.gitbook.io/micro8/contents-1/11-20/20-ji-yu-snmp-fa-xian-nei-wang-cun-huo-zhu-ji.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.