ViewMTN: File plugins/snmp.py in revision [51afdf76..]

ViewMTN — Everything : Branches | Tags | Help | About | Change DB
Revision [51afdf76..]: Info | Browse Files | Download (tar)
File plugins/snmp.py: Changes | View | Download | RSS

Below is the file 'plugins/snmp.py' from this revision. You can also download the file.

#!/usr/bin/python

import socket
import httplib
import scan
from goatpy import snmpwrapper

export = {
	"name" : "snmp",
	"version" : "0.1",
	"description" : "Checks for insecure SNMP configurations.",
	"type" : "scanner",
	"tcp_ports" : None,
	"udp_ports" : [161]
}

communities = {
	'public' : scan.urgency_alert,
	'private' : scan.urgency_critical
}

def host_callback(library, host, tcp_ports, udp_ports):
	rv = []
	ip_addresses = filter(lambda x: x[1] == "ipv4", host.addresses)
	if len(ip_addresses) == 0: return rv
	address, protocol = ip_addresses[0]
	for community in communities:
		try:
			result = [t for t in snmpwrapper.snmpwalk(address, community, '1', 'sysDescr', timeout=library.config.socket_timeout)]
		except Exception:
			# ignore this, it's just a timeout
			continue
		except:
			raise
		if len(result) > 0:
			response = scan.ScannerResponse()
			response.address = address, protocol
			response.urgency = communities[community]
			response.plugin_name = export['name']
			sysDescrs = []
			for oid, resp, value in result:
				sysDescrs.append(value)
			response.short_mesg = "SNMP access allowed via community '%s' (sysDescr=%s)" % (community, ','.join(sysDescrs))
			response.udp_ports = udp_ports
			rv.append(response)
	return rv