diff options
Diffstat (limited to 'scripts/ssh-auth-methods.nse')
-rw-r--r-- | scripts/ssh-auth-methods.nse | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/scripts/ssh-auth-methods.nse b/scripts/ssh-auth-methods.nse new file mode 100644 index 0000000..dd66213 --- /dev/null +++ b/scripts/ssh-auth-methods.nse @@ -0,0 +1,43 @@ +local shortport = require "shortport" +local stdnse = require "stdnse" +local libssh2_util = require "libssh2-utility" +local rand = require "rand" + +description = [[ +Returns authentication methods that a SSH server supports. + +This is in the "intrusive" category because it starts an authentication with a +username which may be invalid. The abandoned connection will likely be logged. +]] + +--- +-- @usage +-- nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target> +-- +-- @output +-- 22/tcp open ssh syn-ack +-- | ssh-auth-methods: +-- | Supported authentication methods: +-- | publickey +-- |_ password + +author = "Devin Bjelland" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = {"auth", "intrusive"} + +local username = stdnse.get_script_args("ssh.user") or rand.random_alpha(5) +portrule = shortport.ssh + +function action (host, port) + local result = stdnse.output_table() + local helper = libssh2_util.SSHConnection:new() + if not helper:connect(host, port) then + return "Failed to connect to ssh server" + end + + local authmethods = helper:list(username) + + result["Supported authentication methods"] = authmethods + + return result +end |