Nmap Development mailing list archives
Re: Libssh2 Binding
From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 30 Jul 2014 17:02:40 +0300
Hi Devin, On Fri, Jul 25, 2014 at 02:20:05PM -0500, devin bjelland wrote:
Hi everyone, If you have been following my status reports, you will know that the last few weeks I have been working on a binding for libssh2. The motivation for the binding is that ssh2 is a relatively complex protocol and there are several high priority scripts ideas that interact with ssh2 [1]. You can check out my branch at /nmap-exp/devin/libssh2-integration. This is *nix only due to the way we employ nsock. For performance reasons, we reuse the NSE Nsock socket pool. In order to do this, we give libssh2 a unix socket pair [2] instead of a network socket. We read the data out of the other end of the socket pair and pass it to Nsock. Currently, the plan is to not include libssh2 with nmap. To configure support for libssh2: ./configure --with-libssh2=<path to library> or ./configure --with-libssh2 if you have libssh2 installed in your path. Compile as usual. My branch contains bindings for the basic functions needed to interact with libssh2. The branch also has two new scripts to interact with the binding. This first script simply lists the available authentication methods on the server and can be used with ./nmap -p 22 --script=ssh-userauth-list <target> The other script attempts to brute force the ssh server. You can try it with the default wordlist with: ./nmap -vv -p 22 --script=ssh-brute --datadir=./ <target> More scripts will follow. I'm interested to see what the community would like done in terms of ssh support.
Is it possible to have the needed functionality written in Lua instead of pointing to the existing C library? There is currently ssh2.lua that contains some functions for the protocol. Would it be hard to extend it? -- George Chatzisofroniou _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Libssh2 Binding devin bjelland (Jul 25)
- Re: Libssh2 Binding George Chatzisofroniou (Jul 30)
- Re: Libssh2 Binding devin bjelland (Jul 30)
- Re: Libssh2 Binding George Chatzisofroniou (Jul 30)