diff --git a/scripts/script.db b/scripts/script.db
index 20267e2a9..3617dbec6 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -502,7 +502,11 @@ Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "sa
 Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
+Entry { filename = "ssh-auth-methods.nse", categories = { "auth", "intrusive", } }
+Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "ssh-publickey-acceptance.nse", categories = { "auth", "intrusive", } }
+Entry { filename = "ssh-run.nse", categories = { "intrusive", } }
 Entry { filename = "ssh2-enum-algos.nse", categories = { "discovery", "safe", } }
 Entry { filename = "sshv1.nse", categories = { "default", "safe", } }
 Entry { filename = "ssl-ccs-injection.nse", categories = { "safe", "vuln", } }
diff --git a/scripts/ssh-auth-methods.nse b/scripts/ssh-auth-methods.nse
index 9113a8025..47b817fd4 100644
--- a/scripts/ssh-auth-methods.nse
+++ b/scripts/ssh-auth-methods.nse
@@ -3,7 +3,10 @@ local stdnse = require "stdnse"
 local libssh2_util = require "libssh2-utility"
 description = [[
-Returns authenication methods a ssh server supports.
+Returns authentication methods that a SSH server supports.
+
+This is in the "intrusive" category because it starts an authentication with a
+username which may be invalid. The abandoned connection will likely be logged.
 ]]
 ---
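Review bot: The new description paragraph in ssh-auth-methods.nse says the username "may be invalid" but not where it comes from; the `local username = stdnse.get_script_args("ssh.user") or stdnse.generate_random_string(5)` line changed later in this file shows it is a random 5-character string unless `ssh.user` is supplied. Saying so in the description lets an administrator who finds the abandoned attempt in the SSH server's logs attribute it to this script, for example `username (random unless the ssh.user script argument is set) which may be invalid.` Separately, "a SSH server" on the first added line should read "an SSH server".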
@@ -18,9 +21,10 @@ Returns authenication methods a ssh server supports.
 -- |_ password
 author = "Devin Bjelland"
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"auth", "intrusive"}
-local username = stdnse.get_script_args "ssh.user" or stdnse.generate_random_string(5)
+local username = stdnse.get_script_args("ssh.user") or stdnse.generate_random_string(5)
 portrule = shortport.port_or_service(22, 'ssh')
 function action (host, port)
diff --git a/scripts/ssh-brute.nse b/scripts/ssh-brute.nse
index 249cdd208..f7aae415c 100644
--- a/scripts/ssh-brute.nse
+++ b/scripts/ssh-brute.nse
@@ -25,7 +25,7 @@ Performs brute-force password guessing against ssh servers.
 -- @args ssh-brute.timeout Connection timeout (default: "5s")
 author = "Devin Bjelland"
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {
 'brute',
 'intrusive',
diff --git a/scripts/ssh-publickey-acceptance.nse b/scripts/ssh-publickey-acceptance.nse
index 75271597a..f971cbfd2 100644
--- a/scripts/ssh-publickey-acceptance.nse
+++ b/scripts/ssh-publickey-acceptance.nse
@@ -33,6 +33,7 @@ see if the target ssh server accepts them for publickey authentication. If no ke
 author = "Devin Bjelland"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"auth", "intrusive"}
 local privatekeys = stdnse.get_script_args "ssh.privatekeys"
 local usernames = stdnse.get_script_args "ssh.usernames"
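Review bot: The script argument read on the changed `local username` line of ssh-auth-methods.nse is named `ssh.user`, while ssh-publickey-acceptance.nse in this same commit reads `ssh.usernames` and `ssh.privatekeys`, and ssh-brute.nse documents a script-prefixed `ssh-brute.timeout`. With three naming schemes it is easy to pass an argument that is silently ignored, in which case this script falls back to the random username without telling the operator. No `@args` entry for `ssh.user` is visible in this hunk (the NSEdoc block starts above it); if none exists I would add `-- @args ssh.user Username to start authentication with (default: random 5-character string)`. `action` begins on the last line of the hunk and its body is outside it.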
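Review bot: In ssh-publickey-acceptance.nse the `license` line directly above the added `categories` still points at `http://nmap.org/book/man-legal.html`, although this commit switched the same line to `https://` in ssh-auth-methods.nse and ssh-brute.nse; it should become `license = "Same as Nmap--See https://nmap.org/book/man-legal.html"`. The two `stdnse.get_script_args "..."` calls below it also keep the parenthesis-free form that the commit replaced in ssh-auth-methods.nse. Since the script is now tagged "intrusive", its description (outside this hunk) would benefit from the same kind of one-sentence rationale ssh-auth-methods.nse gained, presumably that each key it offers is an authentication attempt the server may log.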