nmap scan for snmp showing wrong info - nmap

Hello, I am using nmap with the snmp-info script and it's coming back with wrong results. I have a Cisco device that I am using to test with.
I only enabled SNMPv3 on it, and ran the nmap scan like this against it:
nmap -Pn -sU -sV -p161 --script=snmp-info 10.10.10.10
and it comes back with these results:
Cisco SNMP Service; ciscoSystems SNMPv3 Server
I then configured the device to only use SNMPv2 and I get the same results. I also tried enabling both SNMPv2 and SNMPv3 and I also get the same results. Is there something wrong with the script or the way I am scanning it?
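An added example, not part of the question above: snmp-info fills its enterprise and engine ID fields from the snmpEngineID in the agent's reply to an SNMPv3 discovery request, so the "ciscoSystems SNMPv3" label says the agent has an SNMPv3 engine that answered the probe, not which SNMP versions are enabled. This Python decodes such an engine ID per RFC 3411; the sample engine IDs and the ENTERPRISES table are constructed here.

```python
# Added example (not from the original post): decode an SNMPv3 snmpEngineID
# the way snmp-info reports it (enterprise, engineIDFormat, engineIDData).
import struct

# Small IANA enterprise-number table; 9 is ciscoSystems, which the question's
# scan reported. The other entries are included only for illustration.
ENTERPRISES = {9: "ciscoSystems", 311: "Microsoft", 8072: "net-snmp"}

FORMATS = {1: "IPv4", 2: "IPv6", 3: "MAC", 4: "text", 5: "octets"}


def decode_engine_id(engine_id: bytes) -> dict:
    """Parse an snmpEngineID per RFC 3411 (SnmpEngineID textual convention)."""
    if len(engine_id) < 5 or len(engine_id) > 32:
        raise ValueError("snmpEngineID must be 5..32 octets")
    # The low 31 bits of the first four octets carry the IANA enterprise number.
    enterprise = struct.unpack(">I", engine_id[:4])[0] & 0x7FFFFFFF
    info = {"enterprise": enterprise,
            "enterprise_name": ENTERPRISES.get(enterprise, "unknown")}
    if engine_id[0] & 0x80 == 0:
        # High bit clear: legacy RFC 1910 layout, remaining octets agent-defined.
        info["format"], info["data"] = "legacy", engine_id[4:].hex()
        return info
    fmt, data = engine_id[4], engine_id[5:]
    if fmt == 1:
        info["format"], info["data"] = "IPv4", ".".join(str(b) for b in data[:4])
    elif fmt == 3:
        info["format"], info["data"] = "MAC", ":".join(f"{b:02x}" for b in data[:6])
    elif fmt == 4:
        info["format"], info["data"] = "text", data.decode("ascii", "replace")
    elif fmt in FORMATS:
        info["format"], info["data"] = FORMATS[fmt], data.hex()
    elif fmt >= 128:
        # 128..255 are reserved for enterprise-specific formats.
        info["format"], info["data"] = "enterprise-specific", data.hex()
    else:
        info["format"], info["data"] = "reserved", data.hex()
    return info


# Constructed samples: RFC 3411 format, enterprise 9 (Cisco), MAC-based ID,
# and a text-format ID for enterprise 8072 (net-snmp).
SAMPLE_CISCO_MAC = bytes.fromhex("8000000903001122334455")
SAMPLE_NETSNMP_TEXT = bytes.fromhex("80001f880474657374")

if __name__ == "__main__":
    for sample in (SAMPLE_CISCO_MAC, SAMPLE_NETSNMP_TEXT):
        print(decode_engine_id(sample))
```

To learn which versions are actually accepted, send explicit SNMPv1/v2c GETs with your community string rather than relying on the version detection label.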

Related

Nmap not showing MAC address & does not seem to be doing ARP ping scans

I am following a course online, in the course an Nmap scan is undertaken with the following results:
As you can see, the second from bottom line is MAC Address: DE:AD:00:00:BE:EF and the SENT and RCVD lines show an ARP request and an ARP reply.
However, when I do this I do not see the MAC Address, nor do I see the ARP lines. I see instead an ICMP response; here is a screenshot from my result:
I am doing the nmap with sudo privileges so I'm not sure why I am not seeing the MAC address.
Thanks for any help
sudo nmap 192.168.43.109 -sn -oA host -PE --reason
This command will only show the MAC address if your machine and the target machine are on the same network.

Obtain ssh version externally using nmap

I would like to know if I can obtain the ssh version using nmap on my external VPS.
nmap -p 22 -sV <domainname>
result:
22/tcp filtered ssh
Is there another nmap syntax so I can obtain ssh service version?
Just want to obtain the ssh service version of my external vps.
I tried a lot of nmap commands but probably there's a struggle in between, like a firewall, which causes a filtered state. My own network is behind a DrayTek device. Maybe a possible cause?
Thanks in advance!
The nmap option --badsum is able to provide insight about the existence of a firewall. A non-firewall device that runs a full network stack will silently drop a bad checksum. In the case that your scan reaches an end device, you would expect to see the same result as your -sV scan. A firewall may offer a different reply to the --badsum.
The answer to your question regarding version is that -sV is ideal; however, -A may run some scripts that return useful information. You can also run --script=sshv1 or another specific script that is ssh related. More script options are here: nmap scripts.

Nmap enum-shares not working

I am trying to list a shared folder I have on the desktop of a virtual machine with these commands:
nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 10.10.10.115
nmap --script smb-enum-shares.nse -p445 10.10.10.115
The combined output is:
Nmap scan report for 10.10.10.115
Host is up (0.00s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
139/tcp open netbios-ssn
137/udp open netbios-ns
MAC Address: 08:00:27:31:DB:FC (Oracle VirtualBox virtual NIC)
This is not the output I am supposed to get, referring to this: https://nmap.org/nsedoc/scripts/smb-enum-shares.html
Why is it not listing the shared folder on the desktop? I have set maximum permission to everyone for the folder.
Thank you !
Guillaume
Seems like a bug in nmap https://github.com/nmap/nmap/issues/704
You can try the -d flag to run nmap in debug mode. I see the "SMB: Login as \guest failed (NT_STATUS_ACCOUNT_DISABLED)" error. But other utilities (e.g. SoftPerfect Network Scanner) work fine without specific permissions on the remote machine.
See the documentation: smb-enum-shares. Use the add_account function in the smbauth module.

check distribution version linux with ip

For a quiz I must fill in the following question:
Which distribution of Linux is on the server? They give me only an IP address, "37.59.41.190". How can I check this externally?
Use the nmap command to find operating system details; it's not 100% accurate, though:
nmap -O <ip address>
nmap runs different OS fingerprint check techniques.

Nmap script not executed

I'm sure it's something simple but I can't figure it out. I have an nmap command like the following, because I want to test the tool with my website:
nmap -p80 --system-dns --script http-wordpress-plugins.nse legault.cc
The output is the following:
Starting Nmap 7.11 ( https://nmap.org ) at 2016-03-24 20:42 Eastern Daylight Time
Nmap scan report for legault.cc (192.254.232.221)
Host is up (0.092s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 6.71 seconds
It seems to me that the script should run, because the port is open, WordPress is installed correctly and the login page is at /wp-login.php.
Advice would be greatly appreciated!
The http-wordpress-plugins script was renamed to http-wordpress-enum in version 6.49. If you still have the old script, it may not work the same with the current version of Nmap. The new version works for me with that target. You can use the -d option to see debugging output from the script that may be helpful.