NSE LIB

Back to library
Official intrusive Auth

ssh-auth-methods

Returns authentication methods that a SSH server supports.

Ports

Any

Protocols

n/a

Attribution

Nmap Project

Usage

Copy the command and adjust the target or script arguments as needed. 

nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
Script Source Toggle

The full script source is stored with this entry and is hidden by default to keep the page easier to scan. 

local shortport = require "shortport"
local stdnse = require "stdnse"
local libssh2_util = require "libssh2-utility"
local rand = require "rand"

description = [[
Returns authentication methods that a SSH server supports.

This is in the "intrusive" category because it starts an authentication with a
username which may be invalid. The abandoned connection will likely be logged.
]]

---
-- @usage
--  nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
--
-- @output
-- 22/tcp open  ssh     syn-ack
-- 22/tcp open  ssh     syn-ack
-- | ssh-auth-methods:
-- |   Supported authentication methods:
-- |     publickey
-- |     password
-- |   Banner: This is a private system. Use of this system constitutes
-- |_consent to monitoring.
--
-- @xmloutput
-- <table key="Supported authentication methods">
--   <elem>publickey</elem>
--   <elem>password</elem>
-- </table>
-- <elem key="Banner">This is a private system. Use of this system constitutes&#xa;consent to monitoring.&#xa;</elem>

author = "Devin Bjelland"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"auth", "intrusive"}

local username = stdnse.get_script_args("ssh.user") or rand.random_alpha(5)
portrule = shortport.ssh

function action (host, port)
  local result = stdnse.output_table()
  local helper = libssh2_util.SSHConnection:new()
  local status, err = helper:connect_pcall(host, port)
  if not status then
    return "Failed to connect to ssh server: " .. err
  end

  local authmethods = helper:list(username)

  result["Supported authentication methods"] = authmethods
  result["Banner"] = helper:banner()

  return result
end

Overview

Returns authentication methods that a SSH server supports. This is in the “intrusive” category because it starts an authentication with a username which may be invalid. The abandoned connection will likely be logged.