Find SSH servers (without NMAP)

Platform-independently find SSH servers (or other services with open ports) on an IPv4 subnet in pure Python WITHOUT NMAP. Scan entire IPv4 subnet in less than 1 second using Python standard library asyncio coroutines and a single thread.

The default asyncio coroutine uses a single thread and is more than 10x faster than concurrent.futures.ThreadPoolExecutor.

Although speed advantages weren't seen in our testing, findssh works with PyPy as well.

pip install findssh

or from this repo:

git clone https://github.com/scivision/findssh

pip install -e findssh

Usage

A canonical way to use FindSSH from other Python scripts is asyncio.

---

from command line:

python -m findssh

• -s check the string from the server to attempt to verify the correct service has been found
• -t timeout per server (seconds) useful for high latency connection
• -b baseip (check other subnet besides your own)
• -p network port to scan (default 22)

Benchmark

These tests used 500 ms timeout on WiFi.

Coroutine (single thread, fast, lean, recommended):

%timeit findssh.main()

522 ms ± 1.26 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)

Thread pool (100 thread max, slow, heavy):

%timeit findssh.threadpool.main()

1.39 s ± 213 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)

Trying to open too many threads via ThreadPoolExecutor can cause a system error like

OSError: [Errno 24] Too many open files

Thus in practical terms, using coroutines can be significantly faster than threads while using less system resources.