Nmap snmp-ios-config NSE Script
This page contains detailed information about how to use the snmp-ios-config NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/snmp-ios-config.nse
Script categories: intrusive
Target service / protocol: snmp, udp
Target network port(s): 161
List of CVEs: -
Script Description
The snmp-ios-config.nse script attempts to downloads Cisco router IOS configuration files using SNMP RW (v1) and display or save them.
Snmp-ios-config NSE Script Arguments
This is a full list of arguments supported by the snmp-ios-config.nse script:
snmp-ios-config.tftprootIf set, specifies to what directory the downloaded config should be saved
creds.globalCredentials to be returned by Credentials.getCredentials regardless of the service.
creds.[service]Credentials to be returned by Credentials.getCredentials for [service]. E.g. creds.http=admin:password
snmp.version
The SNMP protocol version. Use "v1" or 0 for SNMPv1 (default) and "v2c" or 1 for SNMPv2c.
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=snmp-ios-config --script-args snmp-ios-config.tftproot=value,creds.global=value <target>Snmp-ios-config NSE Script Example Usage
Here's an example of how to use the snmp-ios-config.nse script:
nmap -sU -p 161 --script snmp-ios-config --script-args creds.snmp=:<community> <target>
Snmp-ios-config NSE Script Example Output
Here's a sample output from the snmp-ios-config.nse script:
| snmp-ios-config:
| !
| version 12.3
| service timestamps debug datetime msec
| service timestamps log datetime msec
| no service password-encryption
| !
| hostname Router
| !
| boot-start-marker
| boot-end-marker
<snip>
Snmp-ios-config NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Authors
- Vikas Singhal
- Patrik Karlsson
References
- https://nmap.org/nsedoc/scripts/snmp-ios-config.html
- https://github.com/nmap/nmap/tree/master/scripts/snmp-ios-config.nse
See Also
Related NSE scripts to the snmp-ios-config.nse script:
- snmp-brute.nse
- snmp-hh3c-logins.nse
- snmp-info.nse
- snmp-interfaces.nse
- snmp-netstat.nse
- snmp-processes.nse
- snmp-sysdescr.nse
- snmp-win32-services.nse
- snmp-win32-shares.nse
- snmp-win32-software.nse
- snmp-win32-users.nse
Visit Nmap NSE Library for more scripts.
The snmp-ios-config.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
tftproot needs to end with slash
Here is a relevant code snippet related to the "tftproot needs to end with slash" error message:
53: action = function(host, port)
54:
55: local tftproot = stdnse.get_script_args("snmp-ios-config.tftproot")
56:
57: if ( tftproot and not( tftproot:match("[\\/]+$") ) ) then
58: return fail("tftproot needs to end with slash")
59: end
60:
61: local snmpHelper = snmp.Helper:new(host, port)
62: snmpHelper:connect()
63:
Failed to determine local ip
Here is a relevant code snippet related to the "Failed to determine local ip" error message:
61: local snmpHelper = snmp.Helper:new(host, port)
62: snmpHelper:connect()
63:
64: local status, tftpserver, _, _, _ = snmpHelper.socket:get_info()
65: if( not(status) ) then
66: return fail("Failed to determine local ip")
67: end
68:
69: -- build a SNMP v1 packet
70: -- set value: .1.3.6.1.4.1.9.9.96.1.1.1.1.2.9999 (ConfigCopyProtocol is set to TFTP [1] )
71:
Failed to receive cisco configuration file
Here is a relevant code snippet related to the "Failed to receive cisco configuration file" error message:
138:
139: local response
140: status, response = snmpHelper:get({reqId=28428}, ".1.3.6.1.4.1.9.9.96.1.1.1.1.10.9999")
141:
142: if (not status) or (response == "TIMEOUT") then
143: return fail("Failed to receive cisco configuration file")
144: end
145:
146: local result = response and response[1] and response[1][1]
147: if not result then
148: return
(1:waiting, 2:running, 3:successful, 4:failed)
Here is a relevant code snippet related to the " (1:waiting, 2:running, 3:successful, 4:failed)" error message:
161: return fail(file)
162: end
163: result = ("\n Configuration saved to (%s)"):format(fname)
164: end
165: else
166: result = "Not successful! error code: " .. result .. " (1:waiting, 2:running, 3:successful, 4:failed)"
167: end
168:
169: -------------------------------------------------
170: -- build a SNMP v1 packet
171: -- set value: .1.3.6.1.4.1.9.9.96.1.1.1.1.14 (Destroy settings by setting CopyStatus to destroy [6])
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
