def __init__(self,
host,
community="public",
version="1",
port=161,
retries=3,
timeout=1,
reporttype=None):
"""
Makes a new Snmp-object.
host: hostname
community: community (password), defaults to "public"
port: port, defaults to "161"
"""
self.host = host
self.community = community
self.version = str(version)
self.port = int(port)
self.retries = retries
self.timeout = timeout
self.reporttype = reporttype
self.handle = role.manager()
self.handle.timeout = float(timeout)
def __init__(self, iface):
"""Initializes a TrapListener.
iface -- A (srcadr, port) tuple.
"""
self.iface = iface
self._agent = role.manager(iface=iface)
def __init__(self, iface):
"""Initializes a TrapListener.
iface -- A (srcadr, port) tuple.
"""
self.iface = iface
self._agent = role.manager(iface=iface)
def __init__(self, host, community="public", version="2c", port=161, retries=3, timeout=1): self.host = host self.community = community self.version=version self.port=port self.retries=retries self.timeout=timeout self.handle=role.manager((host,port))
def __init__(self,
host,
community="public",
version="2c",
port=161,
retries=3,
timeout=1):
self.host = host
self.community = community
self.version = version
self.port = port
self.retries = retries
self.timeout = timeout
self.handle = role.manager((host, port))
def __init__(self, hosts, community, trapoid, varbinds=()):
"""Constructor that specifies the a list of hosts, a community
string to use for all of the hosts, the OID of the trap, as
well as a sequence of varbinds. Each varbind sequence is a
tuple that contains the OID, type, and value (all of which are
specified as strings). For example::
trap = SnmpTrapEventHandler( \\
("host1", "host2"),
"public",
"1.3.6.1.4.1.8233.111.1",
(("1.3.6.1.4.1.8233.200.1", "OCTETSTRING", "Error"),
("1.3.6.1.4.1.8233.200.2", "INTEGER", 100),
("1.3.6.1.4.1.8233.200.3", "INTEGER", "\\2")))
As an alternative, all of the arguments may be specified as
strings. In which case, the following is the expected
format::
trap = SnmpTrapEventHandler( \\
"host1, host2",
"public",
"1.3.6.1.4.1.8233.111.1",
"1.3.6.1.4.1.8233.200.1: OCTETSTRING: Error
1.3.6.1.4.1.8233.200.2: INTEGER: 100
1.3.6.1.4.1.8233.200.3: INTEGER: \\2")
The string formats are designed for external programmatic
applications (such as an XML rule builder, or GUI front-end.
"""
if isinstance(hosts, StringType):
hosts = [x.strip() for x in hosts.split(',') if x]
self.hosts = [ role.manager((x, 162)) for x in hosts ]
self.community = community
self.trapoid = SnmpTrapEventHandler.OBJECTID.encode(trapoid)
if isinstance(varbinds, StringType):
varbinds = [x.strip().split(':')
for x in varbinds.split('\n') if x]
for oid, type, value in varbinds:
if not hasattr(asn1, type):
raise TypeError, "SNMP type does not exist: " + type
self.varbinds = [(SnmpTrapEventHandler.OBJECTID.encode(o), t, v)
for o, t, v in varbinds]
def __init__(self, host, community="public", version="1", port=161,
retries=3, timeout=1, reporttype=None):
"""
Makes a new Snmp-object.
host: hostname
community: community (password), defaults to "public"
port: port, defaults to "161"
"""
self.host = host
self.community = community
self.version = str(version)
self.port = int(port)
self.retries = retries
self.timeout = timeout
self.reporttype = reporttype
self.handle = role.manager()
self.handle.timeout = float(timeout)
def showOid(self, head_oids):
# Create SNMP manager object
client = role.manager((self.target, self.port))
# Pass it a few options
client.timeout = self.timeout
client.retries = self.retries
# Create a SNMP request&response objects from protocol version
# specific module.
try:
req = v1.GETREQUEST()
nextReq = v1.GETNEXTREQUEST()
rsp = v1.GETRESPONSE()
except (NameError, AttributeError):
print sys.exc_info()[1]
return False
# Store tables headers
#head_oids = ["1.3.6.1."]
try:
# BER encode initial SNMP Object IDs to query
encoded_oids = map(asn1.OBJECTID().encode, head_oids)
except:
print "Error.", sys.exc_info()[1]
return
# Traverse agent MIB
while 1:
# Encode SNMP request message and try to send it to SNMP agent
# and receive a response
(answer, src) = client.send_and_receive(\
req.encode(community=self.community, encoded_oids=encoded_oids))
# Attempt to decode SNMP response
rsp.decode(answer)
# Make sure response matches request (request IDs, communities, etc)
if req != rsp:
raise Exception('Unmatched response: %s vs %s' %
(str(req), str(rsp)))
# Decode BER encoded Object IDs.
oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, \
rsp['encoded_oids']))
# Decode BER encoded values associated with Object IDs.
vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))
# Check for remote SNMP agent failure
if rsp['error_status']:
# SNMP agent reports 'no such name' when walk is over
if rsp['error_status'] == 2:
# Switch over to GETNEXT req on error
# XXX what if one of multiple vars fails?
if not (req is nextReq):
req = nextReq
continue
# One of the tables exceeded
for l in oids, vals, head_oids:
del l[rsp['error_index'] - 1]
else:
raise Exception('SNMP error #' + str(rsp['error_status']) + ' for OID #' \
+ str(rsp['error_index']))
# Exclude completed OIDs
while 1:
for idx in range(len(head_oids)):
if not asn1.OBJECTID(head_oids[idx]).isaprefix(oids[idx]):
# One of the tables exceeded
for l in oids, vals, head_oids:
del l[idx]
break
else:
break
if not head_oids:
return False
# Print out results
for (oid, val) in map(None, oids, vals):
if str(val) != "":
print oidToHuman(oid) + ' = ' + str(val)
# BER encode next SNMP Object IDs to query
encoded_oids = map(asn1.OBJECTID().encode, oids)
# Update request object
req['request_id'] = req['request_id'] + 1
# Switch over GETNEXT PDU for if not done
if not (req is nextReq):
req = nextReq
return True
def snmpenum(self, h_oids, title):
try:
from pysnmp import asn1, v1, v2c
from pysnmp import role
except:
self.log("Error: you need pysnmp to use this exploit")
return 1
client = role.manager((self.host, 161))
client.timeout = 1
client.retries = 5
t = 0
req = eval('v' + self.snmpver).GETREQUEST()
nextReq = eval('v' + self.snmpver).GETNEXTREQUEST()
rsp = eval('v' + self.snmpver).GETRESPONSE()
encoded_oids = map(asn1.OBJECTID().encode, h_oids)
while 1:
try:
(answer, src) = client.send_and_receive(
req.encode(community=self.community,
encoded_oids=encoded_oids))
except:
self.log("%s : bad community ?" % self.community)
return 1
rsp.decode(answer)
if req != rsp:
raise 'Unmatched response: %s vs %s' % (str(req), str(rsp))
oids = map(lambda x: x[0],
map(asn1.OBJECTID().decode, rsp['encoded_oids']))
vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))
if rsp['error_status']:
if rsp['error_status'] == 2:
if not (req is nextReq):
req = nextReq
continue
for l in oids, vals, h_oids:
del l[rsp['error_index'] - 1]
else:
raise 'SNMP error #' + str(
rsp['error_status']) + ' for OID #' + str(
rsp['error_index'])
while 1:
for idx in range(len(h_oids)):
if not asn1.OBJECTID(h_oids[idx]).isaprefix(oids[idx]):
for l in oids, vals, h_oids:
del l[idx]
break
else:
break
if not h_oids:
return 0
if not t:
self.log("[#] %s" % title)
t += 1
for (oid, val) in map(None, oids, vals):
self.log(str(val))
encoded_oids = map(asn1.OBJECTID().encode, oids)
req['request_id'] = req['request_id'] + 1
if not (req is nextReq):
req = nextReq
return 0
def showOid(self, head_oids):
# Create SNMP manager object
client = role.manager((self.target, self.port))
# Pass it a few options
client.timeout = self.timeout
client.retries = self.retries
# Create a SNMP request&response objects from protocol version
# specific module.
try:
req = v1.GETREQUEST()
nextReq = v1.GETNEXTREQUEST()
rsp = v1.GETRESPONSE()
except (NameError, AttributeError):
print sys.exc_info()[1]
return False
# Store tables headers
#head_oids = ["1.3.6.1."]
try:
# BER encode initial SNMP Object IDs to query
encoded_oids = map(asn1.OBJECTID().encode, head_oids)
except:
print "Error.", sys.exc_info()[1]
return
# Traverse agent MIB
while 1:
# Encode SNMP request message and try to send it to SNMP agent
# and receive a response
(answer, src) = client.send_and_receive(\
req.encode(community=self.community, encoded_oids=encoded_oids))
# Attempt to decode SNMP response
rsp.decode(answer)
# Make sure response matches request (request IDs, communities, etc)
if req != rsp:
raise Exception('Unmatched response: %s vs %s' % (str(req), str(rsp)))
# Decode BER encoded Object IDs.
oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, \
rsp['encoded_oids']))
# Decode BER encoded values associated with Object IDs.
vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))
# Check for remote SNMP agent failure
if rsp['error_status']:
# SNMP agent reports 'no such name' when walk is over
if rsp['error_status'] == 2:
# Switch over to GETNEXT req on error
# XXX what if one of multiple vars fails?
if not (req is nextReq):
req = nextReq
continue
# One of the tables exceeded
for l in oids, vals, head_oids:
del l[rsp['error_index']-1]
else:
raise Exception('SNMP error #' + str(rsp['error_status']) + ' for OID #' \
+ str(rsp['error_index']))
# Exclude completed OIDs
while 1:
for idx in range(len(head_oids)):
if not asn1.OBJECTID(head_oids[idx]).isaprefix(oids[idx]):
# One of the tables exceeded
for l in oids, vals, head_oids:
del l[idx]
break
else:
break
if not head_oids:
return False
# Print out results
for (oid, val) in map(None, oids, vals):
if str(val) != "":
print oidToHuman(oid) + ' = ' + str(val)
# BER encode next SNMP Object IDs to query
encoded_oids = map(asn1.OBJECTID().encode, oids)
# Update request object
req['request_id'] = req['request_id'] + 1
# Switch over GETNEXT PDU for if not done
if not (req is nextReq):
req = nextReq
return True
crit = arg[opt.index('-c')]
if '-w' in opt:
warn = arg[opt.index('-w')]
if '-n' in opt:
netip = arg[opt.index('-n')]
else:
err = 1
msgerr.append('Network address is missing! The -n option is mandatory ;)')
if err == 1:
for i in msgerr:
print i
sys.exit(3)
oid = ['1.3.6.1.4.1.311.1.3.2.1.1.3.'+netip]
client = role.manager((addr, port))
req = eval('v' + vers).GETREQUEST()
rsp = eval('v' + vers).GETRESPONSE()
(answer, src) = client.send_and_receive(req.encode(community=comm, encoded_oids=map(asn1.OBJECTID().encode, oid)))
rsp.decode(answer)
oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, rsp['encoded_oids']))
vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))
if vals[0] == '':
print 'DHCP UNKNOWN'
sys.exit(3)
elif vals[0] <= crit:
print 'DHCP CRITICAL:', str(vals[0])
sys.exit(2)