author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
commit | 0d47952611198ef6b1163f366dc03922d20b1475 (patch) | |
tree | 3d840a3b8c0daef0754707bfb9f5e873b6b1ac13 /scripts/sshv1.nse | |
parent | Initial commit. (diff) | |
Adding upstream version 7.94+git20230807.3be01efb1+dfsg.upstream/7.94+git20230807.3be01efb1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | scripts/sshv1.nse | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/scripts/sshv1.nse b/scripts/sshv1.nse
new file mode 100644
index 0000000..260b2c7
--- /dev/null
+++ b/scripts/sshv1.nse
@@ -0,0 +1,74 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local string = require "string"
+
+description = [[
+Checks if an SSH server supports the obsolete and less secure SSH Protocol Version 1.
+]]
+author = "Brandon Enright"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"default", "safe"}
+
+---
+-- @output
+-- PORT STATE SERVICE
+-- 22/tcp open ssh
+-- |_sshv1: Server supports SSHv1
+--
+-- @xmloutput
+-- true
+
+
+portrule = shortport.ssh
+
+action = function(host, port)
+ local socket = nmap.new_socket()
+ local result;
+ local status = true;
+
+ socket:connect(host, port)
+ status, result = socket:receive_lines(1);
+
+ if (not status) then
+ socket:close()
+ return
+ end
+
+ if (result == "TIMEOUT") then
+ socket:close()
+ return
+ end
+
+ if not string.match(result, "^SSH%-.+\n$") then
+ socket:close()
+ return
+ end
+
+ socket:send("SSH-1.5-NmapNSE_1.0\n")
+
+ -- should be able to consume at least 13 bytes
+ -- key length is a 4 byte integer
+ -- padding is between 1 and 8 bytes
+ -- type is one byte
+ -- key is at least several bytes
+ status, result = socket:receive_bytes(13);
+
+ if (not status) then
+ socket:close()
+ return
+ end
+
+ if (result == "TIMEOUT") then
+ socket:close()
+ return
+ end
+
+ if not string.match(result, "^....[\0]+\002") then
+ socket:close()
+ return
+ end
+
+ socket:close();
+
+ return true, "Server supports SSHv1"
+end |
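Review bot: The return value of `socket:connect(host, port)` in `action` is discarded, so a failed connection is only noticed indirectly when `receive_lines` fails. Capturing it with `status, result = socket:connect(host, port)` followed by `if not status then socket:close() return end` would make the failure path explicit. The two `result == "TIMEOUT"` branches look unreachable, since NSE sockets appear to report a timeout as a false status that the preceding `not status` check already handles. The same applies to the unchecked `socket:send(...)`. The final pattern would also benefit from a one-line comment such as `-- 4-byte length, zero padding, then packet type 2 (server public key)`, so a reader can see what response is being treated as proof of SSHv1 support.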