Merge pull request #222 from lowSoA/enhancement-snmpv3-support

Implement SNMPv3 support
2025-07-06 04:51:23 -07:00 · 2023-08-13 11:21:10 -03:00 · 2023-08-13 11:21:10 -03:00 · 83c817d9c2
commit 83c817d9c2
parent 56e5fa0d29 edb85332ab
1 changed files with 29 additions and 17 deletions
--- a/servers/SNMP.py
+++ b/servers/SNMP.py
@ -15,15 +15,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from utils import *
 from binascii import hexlify
 from pyasn1.codec.ber.decoder import decode
 if settings.Config.PY2OR3 == "PY3":
    from socketserver import BaseRequestHandler
 else:
    from SocketServer import BaseRequestHandler
 from pyasn1.codec.der.decoder import decode
 class SNMP(BaseRequestHandler):
    def handle(self):
        data = self.request[0]
@ -31,20 +30,33 @@ class SNMP(BaseRequestHandler):
        snmp_version = int(received_record['field-0'])
-        if snmp_version > 1:
+        if snmp_version == 3:
-            # TODO: Add support for SNMPv3 (which will have a field-0 value of 2)
+            full_snmp_msg = hexlify(data).decode('utf-8')
-            print(text("[SNMP] Unsupported SNMPv3 request received from %s" % self.client_address[0].replace("::ffff:","")))
+            received_record_inner, _ = decode(received_record['field-2'])
-            return
+            snmp_user = str(received_record_inner['field-3'])
            engine_id = hexlify(received_record_inner['field-0']._value).decode('utf-8')
            auth_params = hexlify(received_record_inner['field-4']._value).decode('utf-8')
        community_string = str(received_record['field-1'])
-        SaveToDb(
+            SaveToDb({
            {
                "module": "SNMP",
-                "type": "Cleartext",
+                "type": "SNMPv3",
-                "client": self.client_address[0],
+                "client" : self.client_address[0],
-                "user": community_string,
+                "user": snmp_user,
-                "cleartext": community_string,
+                "hash": auth_params,
-                "fullhash": community_string,
+                "fullhash": "{}:{}:{}:{}".format(snmp_user, full_snmp_msg, engine_id, auth_params)
-            }
+            })
-        )
+        else:
            community_string = str(received_record['field-1'])
            snmp_version = '1' if snmp_version == 0 else '2c'
            SaveToDb(
                {
                    "module": "SNMP",
                    "type": "Cleartext SNMPv{}".format(snmp_version),
                    "client": self.client_address[0],
                    "user": community_string,
                    "cleartext": community_string,
                    "fullhash": community_string,
                }
            )