Devin's Status Report #7 of 13

[devin bjelland <devinbjelland () gmail com>]

Hi list,

This is my status report for week 7 of my Google Summer of Code project. I
continued to work on the libssh2 integration branch this week. I worked on
the the bindings for some additional functions, researched the libssh2 API
and used the binding to write a brute forcer for the ssh2 protocol. You can
check out the branch (/nmap-exp/devin/libssh2-integration) and test the
brute forcer with:
./nmap -vv -p 22 --script ssh-brute --datadir=./ <target>

Accomplishments:
- Finished first version of ssh brute forcer
- Changed the way the filter buffers writes to the socket pair
- Researched debian host key vulnerability (this has been discussed as a
script idea before).

Priorities:
- Write script to check for weak debian host keys
- Write binding for userauth_list
- Write script that uses this and other functions to display information
about the ssh server

Cheers,
Devin
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/