Merged gsoc-ssh branch. Closes #910

2025-12-15 04:09:01 +00:00 · 2017-06-29 21:27:35 +00:00
parent db975219f1
commit 0c142333bb
381 changed files with 169420 additions and 22 deletions
--- a/scripts/ssh-run.nse
+++ b/scripts/ssh-run.nse
@@ -0,0 +1,83 @@
+local stdnse = require "stdnse"
+local shortport = require "shortport"
+local table = require "table"
+local libssh2_util = require "libssh2-utility"
+
+description = [[
+Runs remote command on ssh server and returns command output.
+]]
+
+---
+-- @usage nmap -p 22 -v -d --script=ssh-run --datadir=./ \
+-- --script-args="ssh-run.cmd=ls -l /, ssh-run.username=myusername, ssh-run.password=mypassword" <target>
+--
+-- @output
+-- 22/tcp open  ssh     syn-ack 0
+-- | run-remote:
+-- |   output:
+-- |     total 124
+-- | drwxr-xr-x   2 root       root        4096 Jun 23 09:34 bin
+-- | drwxr-xr-x   3 root       root        4096 Jun 19 12:42 boot
+-- | drwxr-xr-x   2 root       root        4096 Feb  6  2013 cdrom
+-- | drwxr-xr-x  16 root       root        4340 Jul 17 13:37 dev
+-- | drwxr-xr-x 162 root       root       12288 Jul 20 12:10 etc
+-- | drwxr-xr-x  15 root       root        4096 Jun 23 15:20 home
+-- | ...
+-- |_drwxr-xr-x  14 root       root        4096 Jun  6 14:58 var
+--
+-- @args ssh-run.username    Username to authenticate as
+-- @args ssh-run.password    Password to use if using password authentication
+-- @args ssh-run.privatekey    Privatekeyfile to use if using publickey authentication
+-- @args ssh-run.passphrase    Passphrase for privatekey if using publickey authentication
+-- @args ssh-run.cmd   Command to run on remote server
+
+
+author = "Devin Bjelland"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {
+  'intrusive',
+}
+
+portrule = shortport.port_or_service(22, 'ssh')
+
+local username = stdnse.get_script_args 'ssh-run.username'
+local cmd = stdnse.get_script_args 'ssh-run.cmd'
+local password = stdnse.get_script_args 'ssh-run.password'
+local privatekey = stdnse.get_script_args 'ssh-run.privatekey'
+local passphrase = stdnse.get_script_args 'ssh-run.passphrase'
+
+function action (host, port)
+  local conn = libssh2_util.SSHConnection:new()
+  if not conn:connect(host, port) then
+    return "Failed to connect to ssh server"
+  end
+  if username and password and cmd then
+    if not conn:password_auth(username, password) then
+      conn:disconnect()
+      stdnse.verbose "Failed to authenticate"
+      return "Authentication Failed"
+    else
+      stdnse.verbose "Authenticated"
+    end
+  elseif username and privatekey and cmd then
+    if not conn:publickey_auth(username, privatekey, passphrase) then
+      conn:disconnect()
+      stdnse.verbose "Failed to authenticate"
+      return "Authentication Failed"
+    else
+      stdnse.verbose "Authenticated"
+    end
+
+  else
+    stdnse.verbose "Failed to specify credentials and command to run."
+    return "Failed to specify credentials and command to run."
+  end
+  stdnse.verbose("Running command: " .. cmd)
+  local output, err_output = conn:run_remote(cmd)
+  stdnse.verbose("Output of command: " .. output)
+  local result = stdnse.output_table()
+  result.output = {}
+  table.insert(result.output, output)
+  return result
+end