Shows SSH hostkeys.
Shows the target SSH server's key fingerprint and (with high enough verbosity level) the public key itself. It records the discovered host keys in
nmap.registry for use by other scripts. Output can be controlled with the
ssh_hostkey script argument.
You may also compare the retrieved key with the keys in your known-hosts file using the
The script also includes a postrule that check for duplicate hosts using the gathered keys.
If this is set, the script will check if the known hosts file contains a key for the host being scanned and will compare it with the keys that have been found by the script. The script will try to detect your known-hosts file but you can, optionally, pass the path of the file to this option.
Path to a known_hosts file.
Controls the output format of keys. Multiple values may be given, separated by spaces. Possible values are
"full": The entire key, not just the fingerprint.
"bubble": Bubble Babble output,
"visual": Visual ASCII art representation.
"all": All of the above.
nmap host --script ssh-hostkey --script-args ssh_hostkey=full nmap host --script ssh-hostkey --script-args ssh_hostkey=all nmap host --script ssh-hostkey --script-args ssh_hostkey='visual bubble'
22/tcp open ssh | ssh-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) 22/tcp open ssh | ssh-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) | +--[ RSA 2048]----+ | | .E*+ | | | oo | | | . o . | | | O . . | | | o S o . | | | = o + . | | | . * o . | | | = . | | | o . | |_ +-----------------+ 22/tcp open ssh syn-ack | ssh-hostkey: Key comparison with known_hosts file: | GOOD Matches in known_hosts file: | L7: 220.127.116.11 | L11: foo | L15: bar | L19: <unknown> | WRONG Matches in known_hosts file: | L3: 18.104.22.168 | ssh-hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA) |_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwVuv2gcr0maaKQ69VVIEv2ob4OxnuI64fkeOnCXD1lUx5tTA+vefXUWEMxgMuA7iX4irJHy2zer0NQ3Z3yJvr5scPgTYIaEOp5Uo/eGFG9Agpk5wE8CoF0e47iCAPHqzlmP2V7aNURLMODb3jVZuI07A2ZRrMGrD8d888E2ORVORv1rYeTYCqcMMoVFmX9l3gWEdk4yx3w5sD8v501Iuyd1v19mPfyhrI5E1E1nl/Xjp5N0/xP2GUBrdkDMxKaxqTPMie/f0dXBUPQQN697a5q+5lBRPhKYOtn6yQKCd9s1Q22nxn72Jmi1RzbMyYJ52FosDT755Qmb46GLrDMaZMQ==
Author: Sven Klemm
License: Same as Nmap--See http://nmap.org/book/man-legal.html