#!/usr/bin/env python

#
# A rudimentary snmpwalk-like with scapy. Useful to choose a good
# OID to use during a SNMP reflected amplification DDos attack
#
# Usage: ./snmpsize.py 1.2.3.4 public 1.3.6.1.2.1 v1
#
# http://www.nothink.org
#

import signal,sys

# Change log level to suppress annoying IPv6 error
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

# Import scapy
try:
	from scapy.all import *
except:
	print "install scapy"
	print "http://www.secdev.org/projects/scapy/"

# Turn down the verbosity of scapy
conf.verb = 0

def signal_handler(signum,frame):
	global interrupted
	interrupted = True

def sendRequest(target,community,oid_prefix,version):

	nextoid = oid_prefix

	# best choices!
	best_oid = ''
	best_size = 0

	while True:
	
		p = IP(dst=target)/UDP(sport=161,dport=161)/SNMP(version=version,community=community,PDU=SNMPnext(varbindlist=[SNMPvarbind(oid=ASN1_OID(nextoid))]))
		
		#p.show()
		r = sr1(p)
	
		if r:
			# size
			rle = r.len

			# next oid 
			oid = r[SNMPvarbind].oid.val

			if oid.startswith(oid_prefix):
				print oid + "\t" + str(rle) + " bytes"

				if int(rle) > best_size:
					best_size = int(rle)
					best_oid = oid

			else:
				print "\n\nbest choices: %s %s bytes\n" % (best_oid,str(best_size))
				break
			
			nextoid = oid

if __name__ == "__main__":

	if len(sys.argv) <= 4:
		print "Usage %s 1.2.3.4 public 1.3.6.1.2.1 v1" % sys.argv[0]
		sys.exit(1)

	try:
		sendRequest(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4])

	except KeyboardInterrupt:
		print "Exit..."
Facebook Social Plugins
Google Analytics