feature-request : support options in any order
warning : read the update section
related to #37
ssh-audit displays the wrong banner instead of displaying the real one or saying it doesn't know this one:
ssh-audit x.x.x.x -p 2222
# general
(gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
(gen) software: OpenSSH 7.2p2
(gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
(gen) compression: enabled (zlib@openssh.com)
But when doing ssh -v or sftp -v (because it is a sftp server) I can see: debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.9.
To be sure I used nmap:
nmap -Pn -p 2222 x.x.x.x -sVC
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-28 11:06 CET
Nmap scan report for x.com (x.x.x.x)
Host is up (0.023s latency).
PORT STATE SERVICE VERSION
2222/tcp open ssh ProFTPD mod_sftp 0.9.9 (protocol 2.0)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.67 seconds
So:
- You need to display the real banner, the one grabbed, not making an internal match or something and displaying a wrong banner when the SSH provider is not known to ssh-audit, because it can lead to severe mistakes.
- As #37 said, adding mod_sftp support (module sftp support in ProFTPD).
Update: Also, a real SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6 is running on port 22, so I suspect that ssh-audit is ignoring the option for port 2222.
Lines 155 to 185 in 22b671e
==> This is it: if I put ssh-audit -p 2222 x.x.x.x instead of ssh-audit x.x.x.x -p 2222, I have the good banner:
(gen) banner: SSH-2.0-mod_sftp/0.9.9
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com, zlib)
So I suggest supporting options in any order, even after the host, as nmap and many other tools do.
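
The behaviour reported above, as an added example that is not ssh-audit's own code: Python's `getopt.getopt` stops scanning at the first non-option, so a `-p` placed after the host is never parsed and the default port is audited, while `getopt.gnu_getopt` accepts options in any order. The function names and the 192.0.2.10 documentation address are assumptions made for illustration.

```python
import getopt

DEFAULT_PORT = 22  # SSH default, used when no -p/--port option is parsed


def parse_posix(argv):
    """POSIX-style parsing: option scanning stops at the first non-option."""
    opts, args = getopt.getopt(argv, "p:", ["port="])
    return _build_target(opts, args, strict=False)


def parse_any_order(argv):
    """GNU-style parsing: options and the host may be intermixed."""
    opts, args = getopt.gnu_getopt(argv, "p:", ["port="])
    return _build_target(opts, args, strict=True)


def _build_target(opts, args, strict):
    """Return (host, port, leftover_args) from getopt results."""
    port = DEFAULT_PORT
    for name, value in opts:
        if name in ("-p", "--port"):
            port = int(value)  # raises ValueError on non-numeric input
            if not 1 <= port <= 65535:
                raise ValueError("port out of range: %d" % port)
    if not args:
        raise ValueError("missing host")
    if strict and len(args) > 1:
        # Fail loudly instead of silently auditing a different service.
        raise ValueError("unexpected arguments: %r" % (args[1:],))
    return args[0], port, args[1:]


if __name__ == "__main__":
    # Constructed command lines mirroring the two orders in the issue.
    host_first = ["192.0.2.10", "-p", "2222"]
    opts_first = ["-p", "2222", "192.0.2.10"]
    print("posix, host first:    ", parse_posix(host_first))
    print("posix, options first: ", parse_posix(opts_first))
    print("gnu, host first:      ", parse_any_order(host_first))
```

Setting `POSIXLY_CORRECT` in the environment makes `gnu_getopt` stop at the first non-option as well, which is why the strict branch rejects leftover arguments rather than ignoring them.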