SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time.


  • metasploit
  • snmpwalk
  • snmpstat
  • john the ripper



–help, -h show this help message and exit
–file=DICTIONARY, -f DICTIONARY Dictionary file
–target=IP, -t IP Host IP
–port=PORT, -p PORT SNMP port


–rate=RATE, -r RATE Send rate
–timeout=TIMEOUT Wait time for UDP response (in seconds)
–delay=DELAY Wait time after all packets are send (in seconds)
–iplist=LFILE IP list file
–verbose, -v Verbose output


–bruteonly, -b Do not try to enumerate – only bruteforce
–auto, -a Non Interactive Mode
–no-colours No colour output

Operating Systems

–windows Enumerate Windows OIDs (
–linux Enumerate Linux OIDs (
–cisco Append extra Cisco OIDs (

Alternative Options

–stdin, -s Read communities from stdin
–community=COMMUNITY, -c COMMUNITY Single Community String to use
–sploitego Sploitego’s bruteforce method


  • Brute forces both version 1 and version 2c SNMP community strings
  • Enumerates information for CISCO devices or if specified for Linux and Windows operating systems.
  • Identifies RW community strings
  • Tries to download the router config (metasploit module).
  • If the CISCO config file is downloaded, shows the plaintext passwords (metasploit module) and tries to crack hashed passords with John the Ripper


  • cisc0wn –
  • sploitego project –
  • script – by Filip Waeytens
  • metasploit –

Download SNMP-Brute