New, broader portrule for SSH scripts. Closes #1825

2026-01-05 22:19:03 +00:00 · 2020-01-10 05:32:08 +00:00
parent 922199296c
commit f974b625d2
9 changed files with 40 additions and 7 deletions
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -292,6 +292,35 @@ function ssl(host, port)
  return false
 end

+local LIKELY_SSH_PORTS = {
+  -- Top ssh ports on shodanhq.com
+  22,
+  2222,
+  55554,
+  --666, -- 86% SSH, but we'd like to be more certain.
+  22222,
+  2382,
+  -- And others reported by users
+  830, -- netconf-ssh
+}
+
+-- This part isn't really necessary, since -sV will reliably detect SSH
+local LIKELY_SSH_SERVICES = {
+  'ssh', 'netconf-ssh'
+}
+
+-- A portrule that matches likely SSH services.
+--
+-- @name ssh
+-- @class function
+-- @param host The host table to match against.
+-- @param port The port table to match against.
+-- @return <code>true</code> if the port is likely to be SSH,
+-- <code>false</code> otherwise.
+-- @usage
+-- portrule = shortport.ssh
+
+ssh = port_or_service(LIKELY_SSH_PORTS, LIKELY_SSH_SERVICES)

 --- Return a portrule that returns true when given an open port matching a port range
 --