Nmap Development mailing list archives
Re: [NSE] find-ssh-hostkey script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 9 Mar 2011 16:41:14 +0200
Seems useful, yet I am not sure I fully understand the use case behind this, and if it would be better to have one script for this, or to have multiple scripts that can be combined to do the job.

The most obvious use case I can come up with for this type of script is one where I would want to perform a port scan on a host that has a certain SSH key. I could be the admin of a company that has lots of laptops, and a DHCP server that assigns IP addresses to those laptops dynamically. All laptops have an SSH daemon in place for remote administration. Now the CEO calls me and says there is something wrong with his laptop. Instead of asking him to figure out the IP address of his computer, I simply look up a database of SSH keys, and define the scan target by the SSH key.

  nmap -sC --script-args newtargets,sshtarget=AB:CD:EF:AB:CD:EF:AB:CD:EF:AB:CD:EF:AB:CD:AB:CD

(The script could be in the default category, and just do nothing unless there is an sshtarget specification in the argument list.)

Running the command would use the pre script to locate the machine, and add it to the scan targets. Nmap would then scan the host, and tell me the IP address of the host and the services running on it. Maybe some script could identify a virus on that machine. If one does not want to perform a full port scan on the host, one could set the scan type to ping scan.

Is this the type of usage you had in mind? This is just the picture I got. Maybe I misunderstood something.

On Tue, Mar 8, 2011 at 6:45 PM, Nick Nikolaou <nikolasnikolaou1 () gmail com> wrote:
> Hey everyone,
>
> Attached is a script I wrote that attempts to identify a host given its SSH hostkey as an argument. I got the idea from Fyodor's presentation.
>
>   --@usage
>   -- nmap --script=find-ssh-hostkey --script-args fingerprint=AB:CD:EF:AB:CD:EF:AB:CD:EF:AB:CD:EF:AB:CD:AB:CD
>   --
>   --@output
>   -- 22/tcp open ssh
>   -- |_find-ssh-hostkey: Key found.
>
> After (limited) testing it seems to work. I don't have access to many machines running SSH so I can't test it thoroughly. The script name can be confusing since it's very similar to other scripts that show the host's SSH key, so feel free to change it to something more meaningful.
>
> I hope you find it useful. Any comments are more than welcome.
>
> Nick
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
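As an added example (not Nick's script and not Nmap code), the check such a script has to perform, written in Python: build an ssh-rsa host key blob as a server sends it during key exchange, hash it, and compare it with a fingerprint given in the AB:CD:... form used in this thread. The RSA key, the host address and the ssh-keyscan style line are constructed sample values.

```python
import base64
import hashlib
import struct

# Constructed example, not the find-ssh-hostkey script itself: the check such
# a script must make, i.e. hash the key blob the server offers and compare it
# with a fingerprint supplied in the thread's AB:CD:... form.

def ssh_string(data: bytes) -> bytes:
    """One SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """SSH mpint (RFC 4251): minimal big-endian, leading 0x00 if the high bit is set."""
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def rsa_hostkey_blob(e: int, n: int) -> bytes:
    """Public key blob as sent in SSH_MSG_KEXDH_REPLY and stored in known_hosts."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Legacy OpenSSH MD5 fingerprint in upper-case colon form (AB:CD:...)."""
    return ":".join(f"{b:02X}" for b in hashlib.md5(blob).digest())

def normalize(fp: str) -> str:
    """Accept AB:CD, ab:cd, ABCD or MD5:ab:cd; return the upper-case colon form."""
    fp = fp.strip()
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    digits = fp.replace(":", "").upper()
    if len(digits) != 32 or not set(digits) <= set("0123456789ABCDEF"):
        raise ValueError(f"not a 128-bit hex fingerprint: {fp!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 32, 2))

def blob_from_line(line: str) -> bytes:
    """Extract the base64 key blob from an ssh-keyscan, known_hosts or .pub line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-sha2-")):
            return base64.b64decode(fields[i + 1])
    raise ValueError("no SSH key type field found")

def key_matches(line: str, wanted: str) -> bool:
    """True if the host key on the line has the fingerprint the operator supplied."""
    return md5_fingerprint(blob_from_line(line)) == normalize(wanted)

# Constructed sample: a tiny, insecure RSA modulus, used only to exercise the code.
SAMPLE_BLOB = rsa_hostkey_blob(65537, 0xC0FFEE1234567890ABCDEF0123456789)
SAMPLE_LINE = "192.0.2.10 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
```

Feeding `key_matches` the output of `ssh-keyscan` for each candidate host, with the operator's fingerprint as `wanted`, reproduces the decision the script makes per target; the normalisation step is what keeps a lower-case or colon-less argument from silently never matching.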