32 lines
855 B
Bash
32 lines
855 B
Bash
#!/bin/bash
|
|
|
|
# bash snippet to use e.G. an nmap-script for ssh-os-fingerprinting againsts hosts behind a jumphost.
|
|
# dependencies: git, openssh-client, nmap
|
|
|
|
folder="foobar123"
|
|
jumphost="jumphost"
|
|
target="1.2.3.4"
|
|
ssh_port="9022"
|
|
|
|
mkdir -p $folder && cd $folder
|
|
git clone https://github.com/richlamdev/ssh-default-banners.git
|
|
ssh -f -L $ssh_port:$target:22 $jumphost sleep 10
|
|
nmap -p$ssh_port -sV --script ssh-default-banners/ssh-os.nse localhost
|
|
|
|
cd ./.. && rm -rf $folder
|
|
|
|
# example output:
|
|
#
|
|
# [...]
|
|
# Starting Nmap 7.60 ( https://nmap.org ) at 2021-09-30 15:50 CEST
|
|
# Nmap scan report for localhost (127.0.0.1)
|
|
# Host is up (0.000044s latency).
|
|
# Other addresses for localhost (not scanned): ::1
|
|
#
|
|
# PORT STATE SERVICE VERSION
|
|
# 9024/tcp open ssh OpenSSH 5.8 (protocol 2.0)
|
|
# | ssh-os:
|
|
# |_ SSH Banner: SSH-2.0-OpenSSH_5.8\x0D
|
|
# [...]
|
|
|