Calls of the form `socket:connect(host.ip, port.number)` or `socket:connect(host.ip, port.number, port.protocol)` become `socket:connect(host, port)`: connect can take host and port tables now, and the default protocol is taken from the port table if possible.
-- NSE script metadata. These globals are read by the Nmap scripting engine
-- when it loads the script.
description = [[
Checks if an SSH server supports the obsolete and less secure SSH Protocol Version 1.
]]

author = 'Brandon Enright'
license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'

-- "default" places the script in the set run by -sC; "safe" declares that it
-- is not expected to harm or crash the service it talks to.
categories = {
  "default",
  "safe",
}
---
-- @output
-- PORT   STATE SERVICE
-- 22/tcp open  ssh
-- |_sshv1: Server supports SSHv1
require "shortport"
-- Port rule: built by shortport from port number 22 and the service name
-- "ssh", so the script is offered SSH servers on the standard port as well as
-- ports that version detection has labelled as ssh.
portrule = shortport.port_or_service(22, "ssh")
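--- Actively tests whether the SSH server on the given port will speak SSHv1.
--
-- The banner alone is not trusted. After reading the server's identification
-- line the script answers with an SSH-1.5 identification of its own and then
-- looks for the start of the packet a version 1 server sends next: a 4-byte
-- length, zero padding, and packet type 2 (SSH_SMSG_PUBLIC_KEY in the SSH 1.x
-- protocol). A server that refuses version 1 is expected to drop the
-- connection or answer with something that does not match.
--
-- Only the first bytes of the reply are examined: the length field is not
-- validated and the padding run is not capped at 8 bytes, so a positive result
-- is a strong heuristic rather than a full protocol parse. Treat a hit as a
-- finding to remediate (disable protocol 1 on the server), not as proof of a
-- specific key exchange.
--
-- @param host Host table supplied by NSE.
-- @param port Port table supplied by NSE.
-- @return "Server supports SSHv1" on a match; nothing otherwise.
action = function(host, port)
  local socket = nmap.new_socket()

  -- Runs the exchange and returns the verdict. It never closes the socket
  -- itself, so the single close below covers every exit path.
  local function probe()
    -- The connect result used to be ignored; a failure only surfaced later as
    -- a failed read. Stop here instead of reading from a dead socket.
    if not socket:connect(host, port) then
      return nil
    end

    local ok, banner = socket:receive_lines(1)
    if not ok then
      return nil
    end

    -- Anything that is not an SSH identification line ends the probe. This
    -- also covers the literal "TIMEOUT" value the old code compared against
    -- separately, since that string cannot match the pattern.
    if not string.match(banner, "^SSH%-.+\n$") then
      return nil
    end

    -- Offer protocol 1.5 only. If the write fails there is no reply to parse.
    if not socket:send("SSH-1.5-NmapNSE_1.0\n") then
      return nil
    end

    -- should be able to consume at least 13 bytes
    -- key length is a 4 byte integer
    -- padding is between 1 and 8 bytes
    -- type is one byte
    -- key is at least several bytes
    local got, packet = socket:receive_bytes(13)
    if not got then
      return nil
    end

    -- 4 length bytes, one or more NUL padding bytes, then type byte 0x02.
    -- %z is the Lua 5.1 character class for the NUL byte.
    if not string.match(packet, "^....[%z]+\002") then
      return nil
    end

    return "Server supports SSHv1"
  end

  local verdict = probe()
  socket:close()
  return verdict
end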