ssh_detect.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Noam Rathaus <noamr@securiteam.com>
#
# See the Nessus Scripts License for details
#

if(description)
{
 script_id(10267);
#script_cve_id("CVE-MAP-NOMATCH");
 script_version ("$Revision: 38 $");
 
 name["english"] = "SSH Server type and version";
 script_name(english:name["english"]);
 
 desc["english"] = "This detects the SSH Server's type and version by connecting to the server
and processing the buffer received.
This information gives potential attackers additional information about the
system they are attacking. Versions and Types should be omitted
where possible.

Solution: Apply filtering to disallow access to this port from untrusted hosts

Risk factor : Low";

 script_description(english:desc["english"]);
 
 summary["english"] = "SSH Server type and version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 1999 SecuriTeam");
 family["english"] = "General";
 script_family(english:family["english"]);
 script_require_ports("Services/ssh", 22);
 script_dependencies("find_service.nes", "find_service2.nasl", "external_svc_ident.nasl");
 exit(0);
}


#
# The script code starts here
#
include("misc_func.inc");
include("ssh_func.inc");

port = get_kb_item("Services/ssh");

if (!port) port = 22;
if (get_port_state(port))
{
 soc = open_sock_tcp(22);
 if ( ! soc ) exit(0);
 if ( defined_func("bn_random") ) 
 {
 ssh_login (socket:soc, login:"n3ssus", password:"n3ssus", pub:NULL, priv:NULL, passphrase:NULL);

 version = get_ssh_server_version ();
 banner = get_ssh_banner ();
 supported = get_ssh_supported_authentication ();
 }
 else 
 {
 version = recv_line(socket:soc, length:4096);
 if ( !ereg(pattern:"^SSH-", string:version ) ) exit(0);
 }

 if (version)
 {
   set_kb_item(name:"SSH/banner/" + port, value:version);
   text = "Remote SSH version : " + version + '\n\n';

   if (supported)
   {
     set_kb_item(name:"SSH/supportedauth/" + port, value:supported);
     text += 'Remote SSH supported authentication : ' + supported + '\n\n';
   }
   
   if (banner)
   {
     set_kb_item(name:"SSH/textbanner/" + port, value:banner);
     text += 'Remote SSH banner : \n' + banner + '\n\n';
   }

   security_note(port:port, data:text);
   register_service(port: 22, proto: "ssh");   
 }
}