SNMP scripts are enabled on non-standard ports. See #1473

2025-12-06 04:31:29 +00:00 · 2020-07-27 03:32:27 +00:00
parent 99220fe0bc
commit 631d2556c0
12 changed files with 16 additions and 12 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [NSE][GH#1473] SNMP scripts are now enabled on non-standard ports where SNMP
+  has been detected [usd-markus, nnposter]
+
 o [NSE][GH#2084] MQTT library was using incorrect position when parsing
  received responses [tatulea]

--- a/scripts/snmp-brute.nse
+++ b/scripts/snmp-brute.nse
@@ -56,7 +56,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"intrusive", "brute"}


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 local communitiestable = {}

@@ -171,7 +171,8 @@ local sniff_snmp_responses = function(host, port, lport, result)
  local condvar = nmap.condvar(result)
  local pcap = nmap.new_socket()
  pcap:set_timeout(host.times.timeout * 1000 * 3)
-  pcap:pcap_open(host.interface, 300, false, "src host ".. host.ip .." and udp and src port 161 and dst port "..lport)
+  pcap:pcap_open(host.interface, 300, false,
+    ("src host %s and udp and src port %d and dst port %d"):format(host.ip, port.number, lport))

  local communities = creds.Credentials:new(SCRIPT_NAME, host, port)

--- a/scripts/snmp-hh3c-logins.nse
+++ b/scripts/snmp-hh3c-logins.nse
@@ -53,7 +53,7 @@ dependencies = {"snmp-brute"}
 -- Updated 11/08/2012 - v0.3 - added xmloutput


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Gets a value for the specified oid
 --
--- a/scripts/snmp-interfaces.nse
+++ b/scripts/snmp-interfaces.nse
@@ -61,7 +61,7 @@ prerule = function()
  return true
 end

-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 -- List of IANA-assigned network interface types
 -- Taken from IANAifType-MIB
--- a/scripts/snmp-ios-config.nse
+++ b/scripts/snmp-ios-config.nse
@@ -45,7 +45,7 @@ categories = {"intrusive"}
 dependencies = {"snmp-brute"}


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 local function fail (err) return stdnse.format_output(false, err) end
 ---
--- a/scripts/snmp-netstat.nse
+++ b/scripts/snmp-netstat.nse
@@ -40,7 +40,7 @@ dependencies = {"snmp-brute"}
 -- Revised 07/26/2012 - v0.3 - added newtargets support


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Processes the table and creates the script output
 --
--- a/scripts/snmp-processes.nse
+++ b/scripts/snmp-processes.nse
@@ -72,7 +72,7 @@ dependencies = {"snmp-brute"}
 -- Revised 04/11/2010 - v0.4 - moved snmp_walk to snmp library <patrik@cqure.net>


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Gets a value for the specified oid
 --
--- a/scripts/snmp-sysdescr.nse
+++ b/scripts/snmp-sysdescr.nse
@@ -25,7 +25,7 @@ categories = {"default", "discovery", "safe"}
 dependencies = {"snmp-brute"}


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 ---
 -- Sends SNMP packets to host and reads responses
--- a/scripts/snmp-win32-services.nse
+++ b/scripts/snmp-win32-services.nse
@@ -51,7 +51,7 @@ dependencies = {"snmp-brute"}
 -- Revised 04/11/2010 - v0.3 - moved snmp_walk to snmp library <patrik@cqure.net>


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})


 --- Processes the table and creates the script output
--- a/scripts/snmp-win32-shares.nse
+++ b/scripts/snmp-win32-shares.nse
@@ -32,7 +32,7 @@ dependencies = {"snmp-brute"}
 -- Revised 04/11/2010 - v0.3 - moved snmp_walk to snmp library <patrik@cqure.net>


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Gets a value for the specified oid
 --
--- a/scripts/snmp-win32-software.nse
+++ b/scripts/snmp-win32-software.nse
@@ -64,7 +64,7 @@ dependencies = {"snmp-brute"}
 -- Revised 04/11/2010 - v0.3 - moved snmp_walk to snmp library <patrik@cqure.net>


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Gets a value for the specified oid
 --
--- a/scripts/snmp-win32-users.nse
+++ b/scripts/snmp-win32-users.nse
@@ -44,7 +44,7 @@ dependencies = {"snmp-brute"}
 -- Revised 04/11/2010 - v0.3 - moved snmp_walk to snmp library <patrik@cqure.net>


-portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
+portrule = shortport.port_or_service(161, "snmp", "udp", {"open", "open|filtered"})

 --- Processes the table and creates the script output
 --