Nmap Development mailing list archives

Re: [NSE] find-ssh-hostkey script


From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 12 Mar 2011 17:24:34 +0100



On 2011-03-12 12.14, Toni Ruottu <toni.ruottu () iki fi> wrote:

A question that comes to mind though is which hosts will nmap go
through during the prescan phase to look for the sshtarget key? I hope
I'm not missing something really obvious here.

That is something I tried to ask in one of the earlier emails. I am
not sure I have a good answer for this. I thought you were using some
sort of discovery service on a LAN. If it is a LAN of 256 nodes it
might be possible to iterate over their port 22, but with anything
larger you'd probably want some better method.

You could use DNS Service Discovery. Have a look at the
broadcast-dns-service-discovery.nse script.
If you're only interested in SSH services you could specify
"_ssh._tcp.local" as a parameter to the queryServices function.

Keep in mind that this method wouldn't find all SSH services on the LAN
but only those that are registered on systems supporting DNS service
discovery. Avahi-daemon provides this support on some Linux distributions
and the Mac supports this through the Bonjour service.

//Patrik

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
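
What a DNS-SD lookup for the service type named above looks like on the wire, as an added Python example that is not part of the original message or of Nmap's scripts: it builds the PTR question for `_ssh._tcp.local` and decodes PTR answers from a constructed response. The instance name `buildbox` and all function names are made up for illustration, and nothing is sent on the network.

```python
import struct

SERVICE = "_ssh._tcp.local"  # service type named in the message

def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, 0-terminated."""
    return b"".join(bytes([len(p)]) + p for p in name.encode().split(b".")) + b"\x00"

def build_ptr_query(service=SERVICE):
    """mDNS question: ID 0, no flags, one question, QTYPE PTR (12), class IN (1)."""
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(service) + b"\x00\x0c\x00\x01"

def read_name(msg, off, hops=0):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if hops >= 8:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            tail = read_name(msg, ptr, hops + 1)[0]
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n

def ptr_instances(msg, service=SERVICE):
    """Return the instance names in PTR answers for `service`."""
    _, flags, qd, an, _, _ = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:
        return []  # a question, not a response
    off = 12
    for _ in range(qd):  # skip any echoed questions (name + type + class)
        off = read_name(msg, off)[1] + 4
    found = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 12 and name.lower() == service:
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def sample_response():
    """Constructed reply: instance 'buildbox' advertises SSH (TTL 120 s)."""
    rdata = b"\x08buildbox\xc0\x0c"  # label + compression pointer to offset 12
    rr = struct.pack("!HHIH", 12, 1, 120, len(rdata))  # PTR, IN, TTL, RDLENGTH
    return struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name(SERVICE) + rr + rdata
```

Only hosts that answer such a question show up in the result, which is the limitation the message points out: an SSH server that does not advertise itself stays invisible to this method.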

