metasploit-framework/modules/auxiliary/scanner/ssh/ssh_version.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::Tcp
	include Msf::Auxiliary::Scanner
	include Msf::Auxiliary::Report

	def initialize
		super(
			'Name'        => 'SSH Version Scanner',
			'Version'     => '$Revision$',
			'Description' => 'Detect SSH Version.',
			'References'  =>
				[
					[ 'URL', 'http://en.wikipedia.org/wiki/SecureShell' ],
				],
			'Author'      => [ 'Daniel van Eeden <metasploit[at]myname.nl>' ],
			'License'     => MSF_LICENSE
		)

		register_options(
		[
			Opt::RPORT(22),
			OptInt.new('TIMEOUT', [true, 'Timeout for the SSH probe', 30])
		], self.class)
	end

	def to
		return 30 if datastore['TIMEOUT'].to_i.zero?
		datastore['TIMEOUT'].to_i
	end

	def run_host(target_host)
		begin
			::Timeout.timeout(to) do

				connect

				resp = sock.get_once(-1, 5)

				if (resp and resp =~ /SSH/)
					ver,msg = (resp.split(/[\r\n]+/))
					# Check to see if this is Kippo, which sends a premature
					# key init exchange right on top of the SSH version without
					# waiting for the required client identification string.
					if msg and msg.size >= 5
						extra = msg.unpack("NCCA*") # sz, pad_sz, code, data
						if (extra.last.size+2 == extra[0]) and extra[2] == 20
							ver << " (Kippo Honeypot)"
						end
					end
					print_status("#{target_host}:#{rport}, SSH server version: #{ver}")
					report_service(:host => rhost, :port => rport, :name => "ssh", :proto => "tcp", :info => ver)
				else
					print_error("#{target_host}:#{rport}, SSH server version detection failed!")
				end

				disconnect
			end

		rescue Timeout::Error
			print_error("#{target_host}:#{rport}, Server timed out after #{to} seconds. Skipping.")
		end
	end
end
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`##`
			`# $Id$`
			`##`

			`##`
Add and improve database reporting to existing scanner modules git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-15 03:25:34 +00:00			`# This file is part of the Metasploit Framework and may be subject to`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/framework/`
			`##`

			`require 'msf/core'`


			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::Tcp`
			`include Msf::Auxiliary::Scanner`
			`include Msf::Auxiliary::Report`
Add and improve database reporting to existing scanner modules git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-15 03:25:34 +00:00
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`def initialize`
			`super(`
typo! git-svn-id: file:///home/svn/framework3/trunk@11103 4d416f70-5f16-0410-b530-b9f4589650da 2010-11-22 22:43:34 +00:00			`'Name' => 'SSH Version Scanner',`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`'Version' => '$Revision$',`
			`'Description' => 'Detect SSH Version.',`
			`'References' =>`
			`[`
			`[ 'URL', 'http://en.wikipedia.org/wiki/SecureShell' ],`
			`],`
More SSH versions git-svn-id: file:///home/svn/framework3/trunk@8532 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-17 14:42:11 +00:00			`'Author' => [ 'Daniel van Eeden <metasploit[at]myname.nl>' ],`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`'License' => MSF_LICENSE`
			`)`

			`register_options(`
			`[`
			`Opt::RPORT(22),`
Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`OptInt.new('TIMEOUT', [true, 'Timeout for the SSH probe', 30])`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`], self.class)`
			`end`

Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`def to`
			`return 30 if datastore['TIMEOUT'].to_i.zero?`
			`datastore['TIMEOUT'].to_i`
			`end`

Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`def run_host(target_host)`
Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`begin`
Fix missing end, use explicit Timeout class git-svn-id: file:///home/svn/framework3/trunk@10366 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 04:15:32 +00:00			`::Timeout.timeout(to) do`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00
Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`connect`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00
Committing the Kippo ssh honeypot detection as seen at AHA!. git-svn-id: file:///home/svn/framework3/trunk@11817 4d416f70-5f16-0410-b530-b9f4589650da 2011-02-24 13:57:26 +00:00			`resp = sock.get_once(-1, 5)`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00
Committing the Kippo ssh honeypot detection as seen at AHA!. git-svn-id: file:///home/svn/framework3/trunk@11817 4d416f70-5f16-0410-b530-b9f4589650da 2011-02-24 13:57:26 +00:00			`if (resp and resp =~ /SSH/)`
			`ver,msg = (resp.split(/[\r\n]+/))`
			`# Check to see if this is Kippo, which sends a premature`
			`# key init exchange right on top of the SSH version without`
			`# waiting for the required client identification string.`
			`if msg and msg.size >= 5`
			`extra = msg.unpack("NCCA*") # sz, pad_sz, code, data`
			`if (extra.last.size+2 == extra[0]) and extra[2] == 20`
			`ver << " (Kippo Honeypot)"`
			`end`
			`end`
Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`print_status("#{target_host}:#{rport}, SSH server version: #{ver}")`
Committing the Kippo ssh honeypot detection as seen at AHA!. git-svn-id: file:///home/svn/framework3/trunk@11817 4d416f70-5f16-0410-b530-b9f4589650da 2011-02-24 13:57:26 +00:00			`report_service(:host => rhost, :port => rport, :name => "ssh", :proto => "tcp", :info => ver)`
Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever. git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-18 03:00:19 +00:00			`else`
			`print_error("#{target_host}:#{rport}, SSH server version detection failed!")`
			`end`

			`disconnect`
			`end`

			`rescue Timeout::Error`
			`print_error("#{target_host}:#{rport}, Server timed out after #{to} seconds. Skipping.")`
			`end`
Added ssh_version.rb from Daniel van Eeden. git-svn-id: file:///home/svn/framework3/trunk@6541 4d416f70-5f16-0410-b530-b9f4589650da 2009-05-11 02:46:59 +00:00			`end`
			`end`
Add and improve database reporting to existing scanner modules git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-15 03:25:34 +00:00