Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File ssh-hostkey

Script types:
Categories: safe, default, discovery
Download: http://nmap.org/svn/scripts/ssh-hostkey.nse

User Summary

Shows SSH hostkeys.

Shows the target SSH server's key fingerprint and (with high enough verbosity level) the public key itself. It records the discovered host keys in nmap.registry for use by other scripts. Output can be controlled with the ssh_hostkey script argument.

You may also compare the retrieved key with the keys in your known-hosts file using the known-hosts argument.

The script also includes a postrule that check for duplicate hosts using the gathered keys.

Script Arguments

ssh-hostkey.known-hosts

If this is set, the script will check if the known hosts file contains a key for the host being scanned and will compare it with the keys that have been found by the script. The script will try to detect your known-hosts file but you can, optionally, pass the path of the file to this option.

ssh-hostkey.known-hosts-path.

Path to a known_hosts file.

ssh_hostkey

Controls the output format of keys. Multiple values may be given, separated by spaces. Possible values are

  • "full": The entire key, not just the fingerprint.
  • "bubble": Bubble Babble output,
  • "visual": Visual ASCII art representation.
  • "all": All of the above.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap host --script ssh-hostkey --script-args ssh_hostkey=full
nmap host --script ssh-hostkey --script-args ssh_hostkey=all
nmap host --script ssh-hostkey --script-args ssh_hostkey='visual bubble'

Script Output

22/tcp open  ssh
|  ssh-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
22/tcp open  ssh
|  ssh-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
|  +--[ RSA 2048]----+
|  |       .E*+      |
|  |        oo       |
|  |      . o .      |
|  |       O . .     |
|  |      o S o .    |
|  |     = o + .     |
|  |    . * o .      |
|  |     = .         |
|  |    o .          |
|_ +-----------------+
22/tcp open  ssh     syn-ack
| ssh-hostkey: Key comparison with known_hosts file:
|   GOOD Matches in known_hosts file:
|       L7: 199.19.117.60
|       L11: foo
|       L15: bar
|       L19: <unknown>
|   WRONG Matches in known_hosts file:
|       L3: 199.19.117.60
| ssh-hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA)
|_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwVuv2gcr0maaKQ69VVIEv2ob4OxnuI64fkeOnCXD1lUx5tTA+vefXUWEMxgMuA7iX4irJHy2zer0NQ3Z3yJvr5scPgTYIaEOp5Uo/eGFG9Agpk5wE8CoF0e47iCAPHqzlmP2V7aNURLMODb3jVZuI07A2ZRrMGrD8d888E2ORVORv1rYeTYCqcMMoVFmX9l3gWEdk4yx3w5sD8v501Iuyd1v19mPfyhrI5E1E1nl/Xjp5N0/xP2GUBrdkDMxKaxqTPMie/f0dXBUPQQN697a5q+5lBRPhKYOtn6yQKCd9s1Q22nxn72Jmi1RzbMyYJ52FosDT755Qmb46GLrDMaZMQ==

Requires


Author: Sven Klemm

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]