blob: dd66213349c44452291e1731b484bd9a86917f4f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
local shortport = require "shortport"
local stdnse = require "stdnse"
local libssh2_util = require "libssh2-utility"
local rand = require "rand"
description = [[
Returns authentication methods that a SSH server supports.
This is in the "intrusive" category because it starts an authentication with a
username which may be invalid. The abandoned connection will likely be logged.
]]
---
-- @usage
-- nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
--
-- @output
-- 22/tcp open ssh syn-ack
-- | ssh-auth-methods:
-- | Supported authentication methods:
-- | publickey
-- |_ password
author = "Devin Bjelland"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"auth", "intrusive"}
local username = stdnse.get_script_args("ssh.user") or rand.random_alpha(5)
portrule = shortport.ssh
function action (host, port)
local result = stdnse.output_table()
local helper = libssh2_util.SSHConnection:new()
if not helper:connect(host, port) then
return "Failed to connect to ssh server"
end
local authmethods = helper:list(username)
result["Supported authentication methods"] = authmethods
return result
end
|
