PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
7cf7259f9d273d393c2033cdd4619c5557c51bee
nmap/scripts/SSHv1-support.nse
kris c7eb8011d9 NSE now has a "default" category for scripts. This category holds the set 
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).

On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.

The new list is very similar to the previous "safe,intrusive" list:

Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd

Here are the 21 scripts in this new category:

anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
2008-05-28 07:16:32 +00:00

62 lines
1.2 KiB
Lua
Raw Blame History

id="SSH Protocol Version 1"
description="Checks to see if SSH server supports SSH Protocol Version 1."
author = "Brandon Enright <bmenrigh@ucsd.edu>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "intrusive"}
require "shortport"
portrule = shortport.port_or_service(22, "ssh")
action = function(host, port)
local socket = nmap.new_socket()
local result;
local status = true;
socket:connect(host.ip, port.number, port.protocol)
status, result = socket:receive_lines(1);
if (not status) then
socket:close()
return
end
if (result == "TIMEOUT") then
socket:close()
return
end
if not string.match(result, "^SSH%-.+\n$") then
socket:close()
return
end
socket:send("SSH-1.5-NmapNSE_1.0\n")
-- should be able to consume at least 13 bytes
-- key length is a 4 byte integer
-- padding is between 1 and 8 bytes
-- type is one byte
-- key is at least several bytes
status, result = socket:receive_bytes(13);
if (not status) then
socket:close()
return
end
if (result == "TIMEOUT") then
socket:close()
return
end
if not string.match(result, "^....[%z]+\002") then
socket:close()
return
end
socket:close();
return "Server supports SSHv1"
end
Reference in New Issue View Git Blame Copy Permalink