diff --git a/servers/SNMP.py b/servers/SNMP.py index 5ba69cf..718b5e3 100755 --- a/servers/SNMP.py +++ b/servers/SNMP.py @@ -15,15 +15,14 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . from utils import * +from binascii import hexlify +from pyasn1.codec.ber.decoder import decode if settings.Config.PY2OR3 == "PY3": from socketserver import BaseRequestHandler else: from SocketServer import BaseRequestHandler -from pyasn1.codec.der.decoder import decode - - class SNMP(BaseRequestHandler): def handle(self): data = self.request[0] 
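Review bot: The move from `pyasn1.codec.der.decoder` to `pyasn1.codec.ber.decoder` deserves a comment, because a later reader may revert it believing DER is the stricter and therefore safer choice: SNMP messages are BER-encoded (RFC 3417), and the DER decoder rejects encodings that are valid BER but not canonical, which is presumably why some traffic failed to parse before. Suggest `# SNMP is BER-encoded (RFC 3417); the DER decoder rejects valid non-canonical encodings` above the new import. The stdlib `from binascii import hexlify` now sits after `from utils import *`; placing stdlib imports first would match the usual grouping.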
@@ -31,20 +30,33 @@ class SNMP(BaseRequestHandler): snmp_version = int(received_record['field-0']) - if snmp_version > 1: - # TODO: Add support for SNMPv3 (which will have a field-0 value of 2) - print(text("[SNMP] Unsupported SNMPv3 request received from %s" % self.client_address[0].replace("::ffff:",""))) - return + if snmp_version == 3: + full_snmp_msg = hexlify(data).decode('utf-8') + received_record_inner, _ = decode(received_record['field-2']) + snmp_user = str(received_record_inner['field-3']) + engine_id = hexlify(received_record_inner['field-0']._value).decode('utf-8') + auth_params = hexlify(received_record_inner['field-4']._value).decode('utf-8') - community_string = str(received_record['field-1']) - SaveToDb( - { + SaveToDb({ "module": "SNMP", - "type": "Cleartext", - "client": self.client_address[0], - "user": community_string, - "cleartext": community_string, - "fullhash": community_string, - } - ) + "type": "SNMPv3", + "client" : self.client_address[0], + "user": snmp_user, + "hash": auth_params, + "fullhash": "{}:{}:{}:{}".format(snmp_user, full_snmp_msg, engine_id, auth_params) + }) + else: + community_string = str(received_record['field-1']) + snmp_version = '1' if snmp_version == 0 else '2c' + + SaveToDb( + { + "module": "SNMP", + "type": "Cleartext SNMPv{}".format(snmp_version), + "client": self.client_address[0], + "user": community_string, + "cleartext": community_string, + "fullhash": community_string, + } + )
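Review bot: The SNMPv3 branch reaches into pyasn1 internals with `received_record_inner['field-0']._value` and `received_record_inner['field-4']._value`; the public accessor is `asOctets()`, i.e. `engine_id = hexlify(received_record_inner['field-0'].asOctets()).decode('utf-8')` and likewise for `auth_params`, since `_value` is not part of the library's interface and may change between releases. The same branch indexes `field-2`, `field-0`, `field-3` and `field-4` without checking they are present, and `decode(received_record['field-2'])` can raise `PyAsn1Error` on a truncated or malformed datagram, so a single bad packet from the network ends the request with a traceback; a `try`/`except (PyAsn1Error, KeyError)` around the inner decode and field access, or a check that msgGlobalData's msgSecurityModel is USM before treating field-2 as UsmSecurityParameters, would keep the handler from dying on unexpected input. In the `else` branch `snmp_version` is rebound from an int to the string `'1'`/`'2c'` that is only used for the type label; a separate name such as `version_label` would read more clearly, and any version value other than 0 or 3 is currently labelled `2c`. The enclosing `handle` method begins outside this hunk.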