summaryrefslogtreecommitdiffstats
path: root/scripts/ssh-auth-methods.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/ssh-auth-methods.nse')
-rw-r--r--scripts/ssh-auth-methods.nse43
1 files changed, 43 insertions, 0 deletions
diff --git a/scripts/ssh-auth-methods.nse b/scripts/ssh-auth-methods.nse
new file mode 100644
index 0000000..dd66213
--- /dev/null
+++ b/scripts/ssh-auth-methods.nse
@@ -0,0 +1,43 @@
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local libssh2_util = require "libssh2-utility"
+local rand = require "rand"
+
+description = [[
+Returns authentication methods that a SSH server supports.
+
+This is in the "intrusive" category because it starts an authentication with a
+username which may be invalid. The abandoned connection will likely be logged.
+]]
+
+---
+-- @usage
+-- nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
+--
+-- @output
+-- 22/tcp open ssh syn-ack
+-- | ssh-auth-methods:
+-- | Supported authentication methods:
+-- | publickey
+-- |_ password
+
+author = "Devin Bjelland"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"auth", "intrusive"}
+
+local username = stdnse.get_script_args("ssh.user") or rand.random_alpha(5)
+portrule = shortport.ssh
+
+function action (host, port)
+ local result = stdnse.output_table()
+ local helper = libssh2_util.SSHConnection:new()
+ if not helper:connect(host, port) then
+ return "Failed to connect to ssh server"
+ end
+
+ local authmethods = helper:list(username)
+
+ result["Supported authentication methods"] = authmethods
+
+ return result
+end