Skip to content

SSH Enumeration Tools

Jump to bottom
TheGetch edited this page Jan 5, 2021 · 1 revision

SSH Enumeration Tools

SSH Enumeration Tools

Nmap Enumeration

$ ls -lh /usr/share/nmap/scripts/ | grep ssh
-rw-r--r-- 1 root root 5.3K Oct 12 09:29 ssh2-enum-algos.nse
-rw-r--r-- 1 root root 1.2K Oct 12 09:29 ssh-auth-methods.nse
-rw-r--r-- 1 root root 3.0K Oct 12 09:29 ssh-brute.nse
-rw-r--r-- 1 root root  16K Oct 12 09:29 ssh-hostkey.nse
-rw-r--r-- 1 root root 5.9K Oct 12 09:29 ssh-publickey-acceptance.nse
-rw-r--r-- 1 root root 3.7K Oct 12 09:29 ssh-run.nse
-rw-r--r-- 1 root root 1.4K Oct 12 09:29 sshv1.nse
$ nmap x.x.x.x -p 22 -sV --script=exampleScript1.nse,exampleScript2.nse

Manual Connection

$ nc -nv x.x.x.X 22 # Might give header

$ ssh x.x.x.x -p22

_Sidebar

Home

1. Recon

Ping Sweep

CIDR to IP

2. Enumeration

Enumeration General Notes

Host/Port Scanning

Services

01. FTP (21)

02. SSH (22)

03. SMTP (25)

04. DNS (53)

05. HTTP (80,443,8080,8443,etc.)

06. POP3 (110)

07. SMB (139,445)

08. SNMP (161,162)

09. LDAP (389)

10. MS-SQL or MySQL (1433,3306)

11. RDP (3389)

12. Winrm (5985)

13. Memcache (11221)

3. Exploitation

Exploitation General Notes

4. Post Exploiation

Post Exploitation General Notes

Editable Service

Privilege Escalation

Scheduled Jobs/Tasks

5. High Value Information

Hashes

6. Reporting

7. Random Notes/Useful Tidbits

Clone this wiki locally