# 2. SNMP Enumeration (Port 161,162)
## 1. SNMP Enumeration using snmp-check
first scan the target to check open port
```
sudo nmap -sU -sV -p 161 192.168.18.110
```
Now enumerate it
```
snmp-check 192.168.18.110
```
## 2. SNMP Enumeration with softperfect Network scanner
Windows.
{% embed url="" %}
## 3. Perform SNMP Enumeration using SnmpWalk
```
snmpwalk -v1 -c public 192.168.18.110
```
{% hint style="info" %}
-v1 is the version
-c is the string
{% endhint %}
For snmp version 2,use the following command
```
snmpwalk -v2c -c public 192.168.18.110
```
## 4. SNMP Enumeration using NMAP
```
sudo nmap -sU -P 161 --script snmp-sysdesc 192.168.18.110
sudo nmap -sU -P 161 --script snmp-processes 192.168.18.110
```
```
sudo nmap -sU -P 161 --script snmp-win32-software 192.168.18.110// List processes running on windows servers
```
```
sudo nmap -sU -P 161 --script snmp-interfaces 192.168.18.110
```
## 5. Other SNMP enumeration Tools
```
nmap -sU -p 161 10.10.1.2
nmap -sU -p 161 --script=snmp-brute 10.10.1.2
# Expoilt SNMP with Metasploit
msfdb init && msfconsole ↵
use auxilary/scanner/snmp/snmp_login ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
use auxilary/scanner/snmp/snmp_enum ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
```
{% embed url="" %}