o Removed showSSHVersion.nse. Its only real claim to fame was the

ability to trick some SSH servers (including at least OpenSSH 4.3p2-9etch3) into not logging the connection. This trick doesn't seem to work with newer versions of OpenSSH, as my openssh-server-4.7p1-4.fc8 does log the connection. Without the stealth advantage, the script has no real benefit over version detection or the upcoming banner grabbing script. [Fyodor]
2025-12-08 21:51:28 +00:00 · 2008-11-04 05:04:12 +00:00
parent e0a3c5c64f
commit c22c9ca885
3 changed files with 102 additions and 138 deletions
--- a/8
+++ b/8
@@ -1,5 +1,13 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Removed showSSHVersion.nse. Its only real claim to fame was the
+  ability to trick some SSH servers (including at least OpenSSH
+  4.3p2-9etch3) into not logging the connection.  This trick doesn't
+  seem to work with newer versions of OpenSSH, as my
+  openssh-server-4.7p1-4.fc8 does log the connection. Without the
+  stealth advantage, the script has no real benefit over version
+  detection or the upcoming banner grabbing script. [Fyodor]
+
 o NSE scripts that require a list of DNS servers (currently only
  ASN.nse) now work when IPv6 scanning. Previously it gave an error
  message: "Failed to send dns query.  Response from dns.query(): 9".
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -1,107 +1,106 @@
-Entry{ category = "default", filename = "showOwner.nse" }
-Entry{ category = "safe", filename = "showOwner.nse" }
-Entry{ category = "discovery", filename = "daytimeTest.nse" }
-Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
-Entry{ category = "vuln", filename = "RealVNC_auth_bypass.nse" }
-Entry{ category = "intrusive", filename = "SQLInject.nse" }
-Entry{ category = "vuln", filename = "SQLInject.nse" }
-Entry{ category = "auth", filename = "bruteTelnet.nse" }
-Entry{ category = "intrusive", filename = "bruteTelnet.nse" }
-Entry{ category = "discovery", filename = "HTTPtrace.nse" }
-Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
-Entry{ category = "default", filename = "HTTPAuth.nse" }
-Entry{ category = "auth", filename = "HTTPAuth.nse" }
-Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
 Entry{ category = "default", filename = "dns-test-open-recursion.nse" }
 Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" }
-Entry{ category = "default", filename = "showHTMLTitle.nse" }
-Entry{ category = "safe", filename = "showHTMLTitle.nse" }
-Entry{ category = "default", filename = "SMTPcommands.nse" }
-Entry{ category = "discovery", filename = "SMTPcommands.nse" }
-Entry{ category = "safe", filename = "SMTPcommands.nse" }
-Entry{ category = "default", filename = "MSSQLm.nse" }
-Entry{ category = "discovery", filename = "MSSQLm.nse" }
-Entry{ category = "intrusive", filename = "MSSQLm.nse" }
-Entry{ category = "default", filename = "SSHv1-support.nse" }
-Entry{ category = "safe", filename = "SSHv1-support.nse" }
-Entry{ category = "default", filename = "MySQLinfo.nse" }
-Entry{ category = "discovery", filename = "MySQLinfo.nse" }
-Entry{ category = "safe", filename = "MySQLinfo.nse" }
-Entry{ category = "auth", filename = "xamppDefaultPass.nse" }
-Entry{ category = "vuln", filename = "xamppDefaultPass.nse" }
+Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
+Entry{ category = "vuln", filename = "RealVNC_auth_bypass.nse" }
+Entry{ category = "external", filename = "dns-safe-recursion-port.nse" }
+Entry{ category = "intrusive", filename = "dns-safe-recursion-port.nse" }
+Entry{ category = "discovery", filename = "smb-enumusers.nse" }
+Entry{ category = "intrusive", filename = "smb-enumusers.nse" }
+Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" }
+Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" }
+Entry{ category = "default", filename = "showOwner.nse" }
+Entry{ category = "safe", filename = "showOwner.nse" }
 Entry{ category = "default", filename = "SSLv2-support.nse" }
 Entry{ category = "safe", filename = "SSLv2-support.nse" }
-Entry{ category = "default", filename = "zoneTrans.nse" }
-Entry{ category = "intrusive", filename = "zoneTrans.nse" }
-Entry{ category = "discovery", filename = "zoneTrans.nse" }
-Entry{ category = "default", filename = "ftpbounce.nse" }
-Entry{ category = "intrusive", filename = "ftpbounce.nse" }
+Entry{ category = "malware", filename = "ircZombieTest.nse" }
+Entry{ category = "discovery", filename = "smb-systeminfo.nse" }
+Entry{ category = "intrusive", filename = "smb-systeminfo.nse" }
 Entry{ category = "version", filename = "skype_v2-version.nse" }
-Entry{ category = "discovery", filename = "promiscuous.nse" }
-Entry{ category = "default", filename = "SNMPsysdescr.nse" }
-Entry{ category = "discovery", filename = "SNMPsysdescr.nse" }
-Entry{ category = "safe", filename = "SNMPsysdescr.nse" }
-Entry{ category = "discovery", filename = "ASN.nse" }
-Entry{ category = "external", filename = "ASN.nse" }
-Entry{ category = "default", filename = "nbstat.nse" }
-Entry{ category = "discovery", filename = "nbstat.nse" }
-Entry{ category = "safe", filename = "nbstat.nse" }
-Entry{ category = "version", filename = "iax2Detect.nse" }
+Entry{ category = "discovery", filename = "HTTPtrace.nse" }
+Entry{ category = "default", filename = "UPnP-info.nse" }
+Entry{ category = "safe", filename = "UPnP-info.nse" }
 Entry{ category = "default", filename = "rpcinfo.nse" }
 Entry{ category = "safe", filename = "rpcinfo.nse" }
 Entry{ category = "discovery", filename = "rpcinfo.nse" }
+Entry{ category = "auth", filename = "bruteTelnet.nse" }
+Entry{ category = "intrusive", filename = "bruteTelnet.nse" }
+Entry{ category = "external", filename = "dns-safe-recursion-txid.nse" }
+Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" }
+Entry{ category = "default", filename = "SMTPcommands.nse" }
+Entry{ category = "discovery", filename = "SMTPcommands.nse" }
+Entry{ category = "safe", filename = "SMTPcommands.nse" }
+Entry{ category = "default", filename = "robots.nse" }
+Entry{ category = "safe", filename = "robots.nse" }
+Entry{ category = "default", filename = "zoneTrans.nse" }
+Entry{ category = "intrusive", filename = "zoneTrans.nse" }
+Entry{ category = "discovery", filename = "zoneTrans.nse" }
+Entry{ category = "discovery", filename = "whois.nse" }
+Entry{ category = "external", filename = "whois.nse" }
+Entry{ category = "safe", filename = "whois.nse" }
+Entry{ category = "default", filename = "smb-os-discovery.nse" }
+Entry{ category = "discovery", filename = "smb-os-discovery.nse" }
+Entry{ category = "safe", filename = "smb-os-discovery.nse" }
+Entry{ category = "discovery", filename = "ripeQuery.nse" }
+Entry{ category = "external", filename = "ripeQuery.nse" }
+Entry{ category = "malware", filename = "strangeSMTPport.nse" }
+Entry{ category = "version", filename = "iax2Detect.nse" }
+Entry{ category = "discovery", filename = "smb-security-mode.nse" }
+Entry{ category = "safe", filename = "smb-security-mode.nse" }
+Entry{ category = "discovery", filename = "smb-enumsessions.nse" }
+Entry{ category = "intrusive", filename = "smb-enumsessions.nse" }
+Entry{ category = "discovery", filename = "ASN.nse" }
+Entry{ category = "external", filename = "ASN.nse" }
+Entry{ category = "default", filename = "showHTMLTitle.nse" }
+Entry{ category = "safe", filename = "showHTMLTitle.nse" }
+Entry{ category = "discovery", filename = "promiscuous.nse" }
+Entry{ category = "discovery", filename = "smb-enumshares.nse" }
+Entry{ category = "intrusive", filename = "smb-enumshares.nse" }
+Entry{ category = "default", filename = "anonFTP.nse" }
+Entry{ category = "auth", filename = "anonFTP.nse" }
+Entry{ category = "intrusive", filename = "anonFTP.nse" }
+Entry{ category = "intrusive", filename = "SQLInject.nse" }
+Entry{ category = "vuln", filename = "SQLInject.nse" }
+Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
+Entry{ category = "default", filename = "nbstat.nse" }
+Entry{ category = "discovery", filename = "nbstat.nse" }
+Entry{ category = "safe", filename = "nbstat.nse" }
+Entry{ category = "default", filename = "HTTPAuth.nse" }
+Entry{ category = "auth", filename = "HTTPAuth.nse" }
+Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
+Entry{ category = "default", filename = "finger.nse" }
+Entry{ category = "discovery", filename = "finger.nse" }
+Entry{ category = "default", filename = "SSHv1-support.nse" }
+Entry{ category = "safe", filename = "SSHv1-support.nse" }
+Entry{ category = "default", filename = "popcapa.nse" }
+Entry{ category = "default", filename = "SNMPsysdescr.nse" }
+Entry{ category = "discovery", filename = "SNMPsysdescr.nse" }
+Entry{ category = "safe", filename = "SNMPsysdescr.nse" }
+Entry{ category = "safe", filename = "SSH-hostkey.nse" }
+Entry{ category = "default", filename = "SSH-hostkey.nse" }
+Entry{ category = "intrusive", filename = "SSH-hostkey.nse" }
+Entry{ category = "intrusive", filename = "brutePOP3.nse" }
+Entry{ category = "auth", filename = "brutePOP3.nse" }
+Entry{ category = "default", filename = "MySQLinfo.nse" }
+Entry{ category = "discovery", filename = "MySQLinfo.nse" }
+Entry{ category = "safe", filename = "MySQLinfo.nse" }
+Entry{ category = "default", filename = "ftpbounce.nse" }
+Entry{ category = "intrusive", filename = "ftpbounce.nse" }
+Entry{ category = "auth", filename = "xamppDefaultPass.nse" }
+Entry{ category = "vuln", filename = "xamppDefaultPass.nse" }
+Entry{ category = "discovery", filename = "smb-enumdomains.nse" }
+Entry{ category = "intrusive", filename = "smb-enumdomains.nse" }
+Entry{ category = "intrusive", filename = "HTTPpasswd.nse" }
+Entry{ category = "vuln", filename = "HTTPpasswd.nse" }
+Entry{ category = "discovery", filename = "smb-serverstats.nse" }
+Entry{ category = "intrusive", filename = "smb-serverstats.nse" }
+Entry{ category = "version", filename = "PPTPversion.nse" }
+Entry{ category = "default", filename = "ircServerInfo.nse" }
+Entry{ category = "discovery", filename = "ircServerInfo.nse" }
+Entry{ category = "default", filename = "MSSQLm.nse" }
+Entry{ category = "discovery", filename = "MSSQLm.nse" }
+Entry{ category = "intrusive", filename = "MSSQLm.nse" }
 Entry{ category = "default", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "discovery", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "external", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" }
-Entry{ category = "intrusive", filename = "HTTPpasswd.nse" }
-Entry{ category = "vuln", filename = "HTTPpasswd.nse" }
-Entry{ category = "demo", filename = "showSSHVersion.nse" }
-Entry{ category = "default", filename = "anonFTP.nse" }
-Entry{ category = "auth", filename = "anonFTP.nse" }
-Entry{ category = "intrusive", filename = "anonFTP.nse" }
-Entry{ category = "discovery", filename = "whois.nse" }
-Entry{ category = "external", filename = "whois.nse" }
-Entry{ category = "safe", filename = "whois.nse" }
-Entry{ category = "default", filename = "robots.nse" }
-Entry{ category = "safe", filename = "robots.nse" }
-Entry{ category = "default", filename = "finger.nse" }
-Entry{ category = "discovery", filename = "finger.nse" }
-Entry{ category = "default", filename = "UPnP-info.nse" }
-Entry{ category = "safe", filename = "UPnP-info.nse" }
-Entry{ category = "malware", filename = "strangeSMTPport.nse" }
-Entry{ category = "default", filename = "ircServerInfo.nse" }
-Entry{ category = "discovery", filename = "ircServerInfo.nse" }
-Entry{ category = "malware", filename = "ircZombieTest.nse" }
-Entry{ category = "discovery", filename = "ripeQuery.nse" }
-Entry{ category = "external", filename = "ripeQuery.nse" }
-Entry{ category = "default", filename = "smb-os-discovery.nse" }
-Entry{ category = "discovery", filename = "smb-os-discovery.nse" }
-Entry{ category = "safe", filename = "smb-os-discovery.nse" }
-Entry{ category = "version", filename = "PPTPversion.nse" }
-Entry{ category = "intrusive", filename = "brutePOP3.nse" }
-Entry{ category = "auth", filename = "brutePOP3.nse" }
-Entry{ category = "default", filename = "popcapa.nse" }
-Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" }
-Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" }
-Entry{ category = "safe", filename = "SSH-hostkey.nse" }
-Entry{ category = "default", filename = "SSH-hostkey.nse" }
-Entry{ category = "intrusive", filename = "SSH-hostkey.nse" }
-Entry{ category = "external", filename = "dns-safe-recursion-txid.nse" }
-Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" }
-Entry{ category = "external", filename = "dns-safe-recursion-port.nse" }
-Entry{ category = "intrusive", filename = "dns-safe-recursion-port.nse" }
-Entry{ category = "discovery", filename = "smb-security-mode.nse" }
-Entry{ category = "safe", filename = "smb-security-mode.nse" }
-Entry{ category = "discovery", filename = "smb-serverstats.nse" }
-Entry{ category = "intrusive", filename = "smb-serverstats.nse" }
-Entry{ category = "discovery", filename = "smb-enumusers.nse" }
-Entry{ category = "intrusive", filename = "smb-enumusers.nse" }
-Entry{ category = "discovery", filename = "smb-enumshares.nse" }
-Entry{ category = "intrusive", filename = "smb-enumshares.nse" }
-Entry{ category = "discovery", filename = "smb-enumdomains.nse" }
-Entry{ category = "intrusive", filename = "smb-enumdomains.nse" }
-Entry{ category = "discovery", filename = "smb-enumsessions.nse" }
-Entry{ category = "intrusive", filename = "smb-enumsessions.nse" }
-Entry{ category = "discovery", filename = "smb-systeminfo.nse" }
-Entry{ category = "intrusive", filename = "smb-systeminfo.nse" }
+Entry{ category = "discovery", filename = "daytimeTest.nse" }
--- a/scripts/showSSHVersion.nse
+++ b/scripts/showSSHVersion.nse
@@ -1,43 +0,0 @@
-id = "Stealth SSH version"
-description = [[
-Connects to an SSH server and retrieves the version banner.
-
-This typically does not result in any logs of the connection being made.
-]]
-
---
-- @output
-- 22/tcp  open   ssh
-- |_ Stealth SSH version: SSH-2.0-OpenSSH_3.9p1
-
-author = "Diman Todorov <diman.todorov@gmail.com>"
-
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-
-categories = {"demo"}
-
-require "shortport"
-
-portrule = shortport.service("ssh")
-
-action = function(host, port)
-	local result, socket
-
-	local catch = function()
-		socket:close()
-	end
-
-	local try = nmap.new_try(catch)
-
-	result = ""
-	socket = nmap.new_socket()
-
-	try(socket:connect(host.ip, port.number))
-
-	result = try(socket:receive_lines(1));
-	try(socket:send(result))
-	try(socket:close())
-
-	return (string.gsub(result, "\n", ""))
-end
-