nmap ssh through jumphost

2021-09-30 15:56:27 +02:00 · 2021-09-30 15:56:27 +02:00 · 818562a24f
parent 7518569652
commit 818562a24f
1 changed files with 31 additions and 0 deletions
--- a/almost_oneliners/ssh-fingerprinting-through-jumphost.sh
+++ b/almost_oneliners/ssh-fingerprinting-through-jumphost.sh
@ -0,0 +1,31 @@
+#!/bin/bash
+
+# bash snippet to use e.G. an nmap-script for ssh-os-fingerprinting againsts hosts behind a jumphost. 
+# dependencies: git, openssh-client, nmap
+
+folder="foobar123"
+jumphost="jumphost"
+target="1.2.3.4"
+ssh_port="9022"
+
+mkdir -p $folder && cd $folder
+git clone https://github.com/richlamdev/ssh-default-banners.git 
+ssh -f -L $ssh_port:$target:22 $jumphost sleep 10
+nmap -p$ssh_port -sV --script ssh-default-banners/ssh-os.nse localhost 
+
+cd ./.. && rm -rf $folder
+
+# example output: 
+#
+# [...]
+# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST
+# Nmap scan report for localhost (127.0.0.1)
+# Host is up (0.000044s latency).
+# Other addresses for localhost (not scanned): ::1
+# 
+# PORT     STATE SERVICE VERSION
+# 9024/tcp open  ssh     OpenSSH 5.8 (protocol 2.0)
+# | ssh-os:
+# |_  SSH Banner: SSH-2.0-OpenSSH_5.8\x0D
+# [...]
+