1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#
# GET Command Generator
#
# Send a SNMP GET request
# with SNMPv2c, community 'public'
# over IPv4/UDP
# to an Agent at 195.218.195.228:161
# from a non-local, spoofed IP 1.2.3.4 (root and Python 3.3+ required)
# for an OID in tuple form
#
# This script performs similar to the following Net-SNMP command:
#
# $ snmpget -v2c -c public -ObentU 195.218.195.228 1.3.6.1.2.1.1.1.0
#
# But unlike the above command, this script issues SNMP request from
# a non-default, non-local IP address.
#
# It is indeed possible to originate SNMP traffic from any valid local
# IP addresses. It could be a secondary IP interface, for instance.
# Superuser privileges are only required to send spoofed packets.
# Alternatively, sending from local interface could also be achieved by
# binding to it (via openClientMode() parameter).
#
#
from pysnmp.entity import engine, config
from pysnmp.carrier.asynsock.dgram import udp
from pysnmp.entity.rfc3413 import cmdgen
# Create SNMP engine instance
snmpEngine = engine.SnmpEngine()
#
# SNMPv1 setup
#
# SecurityName <-> CommunityName mapping
config.addV1System(snmpEngine, 'my-area', 'public')
# Specify security settings per SecurityName (SNMPv1 - 0, SNMPv2c - 1)
config.addTargetParams(snmpEngine, 'my-creds', 'my-area', 'noAuthNoPriv', 0)
#
# Setup transport endpoint and bind it with security settings yielding
# a target name
#
# Initialize asyncore-based UDP/IPv4 transport
udpSocketTransport = udp.UdpSocketTransport().openClientMode()
# Use sendmsg()/recvmsg() for socket communication (required for
# IP source spoofing functionality)
udpSocketTransport.enablePktInfo()
# Enable IP source spoofing (requires root privileges)
udpSocketTransport.enableTransparent()
# Register this transport at SNMP Engine
config.addTransport(
snmpEngine,
udp.domainName,
udpSocketTransport
)
# Configure destination IPv4 address as well as source IPv4 address
config.addTargetAddr(
snmpEngine, 'my-router',
udp.domainName, ('195.218.195.228', 161),
'my-creds',
sourceAddress=('1.2.3.4', 0)
)
# Error/response receiver
def cbFun(snmpEngine, sendRequestHandle, errorIndication,
errorStatus, errorIndex, varBinds, cbCtx):
if errorIndication:
print(errorIndication)
# SNMPv1 response may contain noSuchName error *and* SNMPv2c exception,
# so we ignore noSuchName error here
elif errorStatus and errorStatus != 2:
print('%s at %s' % (
errorStatus.prettyPrint(),
errorIndex and varBinds[int(errorIndex)-1][0] or '?'
)
)
else:
for oid, val in varBinds:
print('%s = %s' % (oid.prettyPrint(), val.prettyPrint()))
# Prepare and send a request message
cmdgen.GetCommandGenerator().sendVarBinds(
snmpEngine,
'my-router',
None, '', # contextEngineId, contextName
[ ((1,3,6,1,2,1,1,1,0), None) ],
cbFun
)
# Run I/O dispatcher which would send pending queries and process responses
snmpEngine.transportDispatcher.runDispatcher()
|