oneliners/almost_oneliners/ssh-fingerprinting-through-...

#!/bin/bash
# bash snippet to use e.g. an nmap script for SSH OS fingerprinting against hosts behind a jumphost.
# dependencies: git, openssh-client, nmap
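# Abort on the first failing command, unset variable or failed pipeline stage.
# Without this, a failed `cd` would let the clone land in the caller's
# directory and the final cleanup would run `rm -rf` from the wrong place.
set -euo pipefail

folder="foobar123"   # scratch directory; created below and removed on exit
jumphost="jumphost"  # ssh host (or ssh_config alias) that can reach the target
target="1.2.3.4"     # host behind the jumphost whose sshd is fingerprinted
ssh_port="9022"      # local port forwarded to ${target}:22

# Remember the starting directory so cleanup deletes exactly the directory
# created here, whatever the working directory is when the script exits.
start_dir=$PWD
mkdir -p -- "$folder"
cd -- "$folder"

# Clean up on every exit path, including failures. `${folder:?}` refuses to
# expand to an empty string, so `rm -rf` can never run without a path.
# NOTE: if "$folder" already existed, its previous contents are removed too.
trap 'cd -- "$start_dir" && rm -rf -- "${folder:?}"' EXIT

# NOTE(review): this fetches the current default branch of a third-party
# repository, and nmap then executes its NSE (Lua) script on this machine.
# Read the script first and pin the checkout to a commit you have reviewed,
# e.g. `git -C ssh-default-banners checkout <REVIEWED_COMMIT>`.
git clone https://github.com/richlamdev/ssh-default-banners.git

# -f sends ssh to the background once the session is set up; `sleep 10` keeps
# the forward alive just long enough for nmap to connect.
# ExitOnForwardFailure=yes makes ssh fail if the local port cannot be bound,
# so nmap never scans some unrelated service already listening on that port.
ssh -f -o ExitOnForwardFailure=yes -L "${ssh_port}:${target}:22" "$jumphost" sleep 10

# The scan targets the local end of the tunnel; the banner in the result
# belongs to ${target}, not to localhost.
nmap -p"$ssh_port" -sV --script ssh-default-banners/ssh-os.nse localhost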
# example output (captured from a run that used local port 9024 rather than the 9022 set above):
#
# [...]
# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST
# Nmap scan report for localhost (127.0.0.1)
# Host is up (0.000044s latency).
# Other addresses for localhost (not scanned): ::1
#
# PORT STATE SERVICE VERSION
# 9024/tcp open ssh OpenSSH 5.8 (protocol 2.0)
# | ssh-os:
# |_ SSH Banner: SSH-2.0-OpenSSH_5.8\x0D
# [...]