braa

Walk the SNMP tree of host with public string querying all OIDs under .1.3.6

$ braa public@[ip]:[.1.3.6.*]

$ braa public@[ip_range]:[.1.3.6.1.2.1.1.6.0]

$ braa private@[ip]:[.1.3.6.1.2.1.1.6.0]=s'[workgroup]'

braa [options] <target/net> [target/net] ...
Example: braa -c public -c private 192.168.1.0/24
Example: braa -f targets.txt -o results.log -e .1.3.6.1.2.1.1.5.0

-v
    Enable verbose output.

-d
    Enable debug output for troubleshooting.

-L
    List all OIDs found, even if empty values are returned.

-c <string>
    Specify an SNMP community string to use (e.g., 'public', 'private'). Can be specified multiple times.

-co <file>
    Read SNMP community strings from the specified file.

-t <milliseconds>
    Set the receive timeout for SNMP responses in milliseconds (default: 200).

-p <port>
    Specify the UDP port for SNMP (default: 161).

-i <milliseconds>
    Set the interval between sending SNMP packets.

-x <count>
    Number of retries for each SNMP request.

-e <OID>
    Enumerate a specific OID (Object Identifier) on discovered devices. Can be specified multiple times.

-f <file>
    Read target IP addresses or networks from the specified file.

-o <file>
    Write results to the specified output file.

-a <address>
    Bind to a specific local IP address for sending packets.

-u
    Display usage information (help message).

`braa` is a specialized network utility for fast SNMP scanning and brute-forcing SNMP community strings. It is often included as part of security tool suites like thc-ipv6 or available standalone. Its primary function is to efficiently discover SNMP-enabled devices across large IP ranges, attempt to guess common or provided community strings (e.g., "public", "private"), and enumerate Object Identifiers (OIDs) to gather system information, such as uptime, device description, or network interfaces.

This tool is widely used by network administrators for auditing network security, identifying misconfigured devices, and by penetration testers to gain insights into network infrastructure. It leverages raw sockets for speed and can handle a high volume of requests.

Using braa can generate a significant amount of network traffic, potentially impacting network performance. It should only be used on networks you have explicit permission to scan, as unauthorized scanning can be considered a cybercrime. Depending on the system and configuration, running braa might require root privileges for raw socket access. It is not a standard pre-installed Linux command and typically needs to be installed from specific security tool repositories or compiled from source.

Always ensure you have proper authorization before using braa against any network. Unauthorized use can lead to legal consequences.

braa is not part of standard Linux distributions. It typically needs to be installed from security-focused repositories (e.g., Kali Linux, Parrot OS) or compiled from its source code, often found within the thc-ipv6 project.

braa was developed by The Hacker's Choice (THC), a well-known group in the cybersecurity community, as part of their comprehensive suite of network security tools, specifically within the thc-ipv6 project (despite braa being an IPv4 tool). Its inception aimed to provide a fast and efficient method for enumerating SNMP-enabled devices and cracking weak community strings, addressing a common vulnerability in network infrastructure. It has been maintained as a specialized tool for security auditing and penetration testing since its release.

snmpwalk(1), snmpget(1), nmap(1), netcat(1), masscan(1)