Merge pull request #222 from lowSoA/enhancement-snmpv3-support

Implement SNMPv3 support
2025-07-06 04:51:23 -07:00 · 2023-08-13 11:21:10 -03:00 · 2023-08-13 11:21:10 -03:00 · 83c817d9c2
commit 83c817d9c2
parent 56e5fa0d29 edb85332ab
1 changed files with 29 additions and 17 deletions
--- a/servers/SNMP.py
+++ b/servers/SNMP.py
@ -15,15 +15,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from utils import *
+from binascii import hexlify
+from pyasn1.codec.ber.decoder import decode

 if settings.Config.PY2OR3 == "PY3":
    from socketserver import BaseRequestHandler
 else:
    from SocketServer import BaseRequestHandler

-from pyasn1.codec.der.decoder import decode
-
-
 class SNMP(BaseRequestHandler):
    def handle(self):
        data = self.request[0]
@ -31,20 +30,33 @@ class SNMP(BaseRequestHandler):

        snmp_version = int(received_record['field-0'])

-        if snmp_version > 1:
-            # TODO: Add support for SNMPv3 (which will have a field-0 value of 2)
-            print(text("[SNMP] Unsupported SNMPv3 request received from %s" % self.client_address[0].replace("::ffff:","")))
-            return
+        if snmp_version == 3:
+            full_snmp_msg = hexlify(data).decode('utf-8')
+            received_record_inner, _ = decode(received_record['field-2'])
+            snmp_user = str(received_record_inner['field-3'])
+            engine_id = hexlify(received_record_inner['field-0']._value).decode('utf-8')
+            auth_params = hexlify(received_record_inner['field-4']._value).decode('utf-8')

-        community_string = str(received_record['field-1'])

-        SaveToDb(
-            {
+            SaveToDb({
                "module": "SNMP",
-                "type": "Cleartext",
-                "client": self.client_address[0],
-                "user": community_string,
-                "cleartext": community_string,
-                "fullhash": community_string,
-            }
-        )
+                "type": "SNMPv3",
+                "client" : self.client_address[0],
+                "user": snmp_user,
+                "hash": auth_params,
+                "fullhash": "{}:{}:{}:{}".format(snmp_user, full_snmp_msg, engine_id, auth_params)
+            })
+        else:
+            community_string = str(received_record['field-1'])
+            snmp_version = '1' if snmp_version == 0 else '2c'
+
+            SaveToDb(
+                {
+                    "module": "SNMP",
+                    "type": "Cleartext SNMPv{}".format(snmp_version),
+                    "client": self.client_address[0],
+                    "user": community_string,
+                    "cleartext": community_string,
+                    "fullhash": community_string,
+                }
+            )