From 818562a24f1b76ddcc96675d5fde62a9defbaaba Mon Sep 17 00:00:00 2001
From: zeus
Date: Thu, 30 Sep 2021 15:56:27 +0200
Subject: [PATCH] nmap ssh through jumphost
---
.../ssh-fingerprinting-through-jumphost.sh | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 almost_oneliners/ssh-fingerprinting-through-jumphost.sh
diff --git a/almost_oneliners/ssh-fingerprinting-through-jumphost.sh b/almost_oneliners/ssh-fingerprinting-through-jumphost.sh
new file mode 100644
index 0000000..c2fa475
--- /dev/null
+++ b/almost_oneliners/ssh-fingerprinting-through-jumphost.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# bash snippet to use e.G. an nmap-script for ssh-os-fingerprinting againsts hosts behind a jumphost.
+# dependencies: git, openssh-client, nmap
+
+folder="foobar123"
+jumphost="jumphost"
+target="1.2.3.4"
+ssh_port="9022"
+
+mkdir -p $folder && cd $folder
+git clone https://github.com/richlamdev/ssh-default-banners.git
+ssh -f -L $ssh_port:$target:22 $jumphost sleep 10
+nmap -p$ssh_port -sV --script ssh-default-banners/ssh-os.nse localhost
+
+cd ./.. && rm -rf $folder
+
+# example output:
+#
+# [...]
+# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST
+# Nmap scan report for localhost (127.0.0.1)
+# Host is up (0.000044s latency).
+# Other addresses for localhost (not scanned): ::1
+#
+# PORT STATE SERVICE VERSION
+# 9024/tcp open ssh OpenSSH 5.8 (protocol 2.0)
+# | ssh-os:
+# |_ SSH Banner: SSH-2.0-OpenSSH_5.8\x0D
+# [...]
+
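Review bot: The cleanup `cd ./.. && rm -rf $folder` assumes the earlier `mkdir -p $folder && cd $folder` succeeded, but nothing stops the script when it fails, so the clone lands in the caller's directory and the `rm -rf` then removes a `foobar123` one level above it. A `mktemp -d` work directory removed by an EXIT trap, together with `set -euo pipefail` and quoted expansions, avoids that. The script also runs `ssh-os.nse` from whatever the third-party repository's default branch holds at clone time, so pinning the checkout to a reviewed commit keeps unreviewed Lua out of the nmap run. If the `ssh -f -L` forward cannot be set up, nmap still probes whatever already listens on the local port and reports it as the target; `-o ExitOnForwardFailure=yes` and an explicit `127.0.0.1` bind address close that gap. The example output shows `9024/tcp` although `ssh_port` is `9022`; the hunk is the whole new file.

```shell
set -euo pipefail

# … unchanged: jumphost, target, ssh_port …

workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"

git clone https://github.com/richlamdev/ssh-default-banners.git
# placeholder: replace with a commit whose ssh-os.nse has been reviewed
git -C ssh-default-banners checkout --detach "<REVIEWED_COMMIT_SHA>"
ssh -f -o ExitOnForwardFailure=yes \
  -L "127.0.0.1:${ssh_port}:${target}:22" "$jumphost" sleep 10
nmap -p"$ssh_port" -sV --script ssh-default-banners/ssh-os.nse localhost

# … unchanged: example output comment …
```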