Kioptrix

From our linux machine’s shell, we’d would type the following command to scan a single machine.
linux~#snmpwalk -c public -v1 -target IP-

This can return information such as running services, and/or installed applications. Also somewhere in the output, we could find the operating system’s version. It can be a very long output, so using grep is a good idea.
linux~#snmpwalk -c public -v1 -target IP- | grep sysDescr.0

One can also enumerate users with snmpwalk:
linux~#snmpwalk -c public -v1 -target IP- 1 | grep 77.1.2.25 | cut -d” ” -f4

Enumerating services with snmpwalk:
linux~#snmpwalk -c public -v1 -target IP- 1 | grep hrSWRunName | cut -d” ” -f4

Enumerating TCP ports:
linux~#snmpwalk -c public -v1 -target IP- 1 | grep tcpConnState | cut -d” ” -f4

And enumerating installed applications:
linux~#snmpwalk -c public -v1 -target IP- 1 | grep hrSWInstalledName | cut -d” ” -f4

The above syntax, the switches -c & -v are used. The first -c is to indicate which community string: public or private. The second, -v tells the script which version of snmp to use. In this case version 1. We also inform the script to add the root of the mib tree with “1″ after the target’s IP address. See top of the this post for a wiki link on the mib tree.

Of course, one can use the following script “snmpcheck” to gather most or all information availible in a more human readable format.