SSH-key checking #3

0x27 · 2016-04-10T01:12:37Z

A lot of hidden services (close to 3% in my last big scan) are configured so that the .onion address serves all ports.

If SSH is being served, you can grab the key fingerprint and sometimes uncloak the HS by checking it against Shodan or your own database of scans.

Example code (in Python) to do this is here: https://github.com/0x27/ssh_keyscanner

s-rah · 2016-04-10T22:33:46Z

Looks like there are two new rulesets here:

Onion configured to serve more than 1 port - not a terrible idea, but certainly leaves open the possibility of a misconfiguration.
SSH Key checking

s-rah · 2016-04-20T06:39:54Z

Have a working prototype for this, will be up soon

s-rah · 2016-04-25T02:50:20Z

Fingerprinting added in 44e6d5c - still would be cool to lookup the fingerprint in a DB.

0x27 · 2016-04-25T09:13:38Z

@s-rah - Its possible to search ssh keys on Shodan, with the Shodan API. There is even a Go library: https://github.com/ns3777k/go-shodan

Still getting to grips with Go, slowly, coming up to exams here though so its slow going.

Hypothetically, an imaginary friend was able to deanonymize a good number of services by doing that (Shodanning the fingerprints)...

PeterTonoli · 2016-04-25T11:47:13Z

Might help to look at #26 too, when implementing..

s-rah · 2016-10-04T05:16:41Z

Closing this in favor of #73

s-rah added the enhancement label Apr 10, 2016

s-rah added the new protocol label Apr 10, 2016

This was referenced Apr 10, 2016

Add detecting and scanning of Ricochet Services #7

Open

Add Port Scanning & Eventing Base #8

Closed

s-rah self-assigned this Apr 20, 2016

PeterTonoli mentioned this issue Apr 25, 2016

Design 3rd Party Database Lookups #26

Open

0x27 mentioned this issue Apr 25, 2016

Database Support #27

Closed

s-rah modified the milestone: Version 0.1 May 5, 2016

s-rah closed this as completed Oct 4, 2016

Provide feedback