Scanning for SNMP

With nmap:

sudo nmap -sU --open -p 161 -oG open-snmp.txt <subnet>.1-254

With onesixtyone:

echo public > community
echo private >> community
echo manager >> community

for ip in $(seq 1 254); do echo <subnet>.$ip; done > ips

onesixtyone -c community -i ips
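
Detection counterpart to the sweeps above, as an added example that is not part of the original page: it reads netfilter LOG-style lines and reports any source that sent UDP/161 to several distinct hosts. The function names, the threshold of 3, and the sample log (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hosts that sweep UDP/161 across many targets.
# Input: netfilter LOG-style lines (KEY=value fields) on stdin.

# snmp_sweepers THRESHOLD
# Prints "source distinct_targets" for every source that sent UDP/161
# packets to at least THRESHOLD distinct destinations (default 3).
snmp_sweepers() {
  awk -v min="${1:-3}" '
    {
      src = dst = proto = dpt = ""
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^SRC=/)   src   = substr($i, 5)
        else if ($i ~ /^DST=/)   dst   = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      # Only SNMP over UDP counts; DNS or TCP/161 traffic is ignored.
      if (proto != "UDP" || dpt != "161" || src == "" || dst == "") next
      # Count each (source, destination) pair once, so a poller that
      # queries one device repeatedly never reaches the threshold.
      if (!((src, dst) in seen)) { seen[src, dst] = 1; targets[src]++ }
    }
    END { for (s in targets) if (targets[s] >= min) print s, targets[s] }
  ' | sort
}

# Constructed sample log, not real traffic.
sample_log() {
  cat <<'EOF'
Jan 10 09:00:01 fw kernel: IN=eth0 SRC=192.0.2.50 DST=198.51.100.1 PROTO=UDP SPT=40112 DPT=161
Jan 10 09:00:01 fw kernel: IN=eth0 SRC=192.0.2.50 DST=198.51.100.2 PROTO=UDP SPT=40113 DPT=161
Jan 10 09:00:01 fw kernel: IN=eth0 SRC=192.0.2.50 DST=198.51.100.3 PROTO=UDP SPT=40114 DPT=161
Jan 10 09:00:02 fw kernel: IN=eth0 SRC=192.0.2.50 DST=198.51.100.4 PROTO=UDP SPT=40115 DPT=161
Jan 10 09:00:02 fw kernel: IN=eth0 SRC=192.0.2.50 DST=198.51.100.1 PROTO=UDP SPT=40116 DPT=161
Jan 10 09:05:00 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.1 PROTO=UDP SPT=51000 DPT=161
Jan 10 09:10:00 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.1 PROTO=UDP SPT=51001 DPT=161
Jan 10 09:11:00 fw kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.1 PROTO=UDP SPT=33000 DPT=53
Jan 10 09:11:00 fw kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.2 PROTO=UDP SPT=33001 DPT=53
Jan 10 09:11:00 fw kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.3 PROTO=UDP SPT=33002 DPT=53
EOF
}

sample_log | snmp_sweepers 3   # prints: 192.0.2.50 4
```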

Windows Enumeration

Use snmpwalk.

Enumerate entire MIB:

snmpwalk -c public -v1 -t 10 <ip>

Enumerate Windows users:

snmpwalk -c public -v1 <ip> 1.3.6.1.4.1.77.1.2.25

Enumerate Windows processes:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.25.4.2.1.2

Enumerate open TCP ports:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.6.13.1.3

Enumerate installed software:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.25.6.3.1.2