oneliners/almost_oneliners/ssh-fingerprinting-through-...

#!/bin/bash

# bash snippet to use e.G. an nmap-script for ssh-os-fingerprinting againsts hosts behind a jumphost. 
# dependencies: git, openssh-client, nmap

folder="foobar123"
jumphost="jumphost"
target="1.2.3.4"
ssh_port="9022"

mkdir -p $folder && cd $folder
git clone https://github.com/richlamdev/ssh-default-banners.git 
ssh -f -L $ssh_port:$target:22 $jumphost sleep 10
nmap -p$ssh_port -sV --script ssh-default-banners/ssh-os.nse localhost 

cd ./.. && rm -rf $folder

# example output: 
#
# [...]
# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST
# Nmap scan report for localhost (127.0.0.1)
# Host is up (0.000044s latency).
# Other addresses for localhost (not scanned): ::1
# 
# PORT     STATE SERVICE VERSION
# 9024/tcp open  ssh     OpenSSH 5.8 (protocol 2.0)
# | ssh-os:
# |_  SSH Banner: SSH-2.0-OpenSSH_5.8\x0D
# [...]
nmap ssh through jumphost 2021-09-30 15:56:27 +02:00			`#!/bin/bash`

			`# bash snippet to use e.G. an nmap-script for ssh-os-fingerprinting againsts hosts behind a jumphost.`
			`# dependencies: git, openssh-client, nmap`

			`folder="foobar123"`
			`jumphost="jumphost"`
			`target="1.2.3.4"`
			`ssh_port="9022"`

			`mkdir -p $folder && cd $folder`
			`git clone https://github.com/richlamdev/ssh-default-banners.git`
			`ssh -f -L $ssh_port:$target:22 $jumphost sleep 10`
			`nmap -p$ssh_port -sV --script ssh-default-banners/ssh-os.nse localhost`

			`cd ./.. && rm -rf $folder`

			`# example output:`
			`#`
			`# [...]`
			`# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST`
			`# Nmap scan report for localhost (127.0.0.1)`
			`# Host is up (0.000044s latency).`
			`# Other addresses for localhost (not scanned): ::1`
			`#`
			`# PORT STATE SERVICE VERSION`
			`# 9024/tcp open ssh OpenSSH 5.8 (protocol 2.0)`
			`# \| ssh-os:`
			`# \|_ SSH Banner: SSH-2.0-OpenSSH_5.8\x0D`
			`# [...]`