Nmap Development mailing list archives
Openssh version detect may be inaccurate
From: kid dragon <idragonkid () gmail com>
Date: Mon, 22 Jun 2015 11:16:42 +0800
dear all, I found a match string of Openssh may be inaccurate. The origin banner is ```SSH-2.0-OpenSSH=5F6.6.1p1=20Ubuntu-2ubuntu2=0D=0A``` Nmap dectect the version of this banner as `6.6.1p1 Ubuntu 2ubuntu2`. But I think this version may be `6.6.1p1-2ubuntu2`, because I get the version like this (although not definitely is) from [1] rather than `6.6.1p1 Ubuntu 2ubuntu2` The nmap-service-probes match string is ```match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2 Ubuntu $3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/``` But I think the match string above may be ```match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2-$3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/``` Is it right? [1]https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Openssh version detect may be inaccurate kid dragon (Jun 09)
- <Possible follow-ups>
- Openssh version detect may be inaccurate kid dragon (Jun 21)
- Re: Openssh version detect may be inaccurate Daniel Miller (Jun 22)