
0x4D31 / hassh-utils

Licence: BSD-3-Clause license
hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)


hassh-utils

Docker

You can get the dockerized version of hassh.py from my Docker repository: https://hub.docker.com/r/0x4d31/hassh/

docker pull 0x4d31/hassh

Nmap NSE Script

The ssh-hassh NSE script reports the hasshServer (i.e. the SSH server fingerprint) and hasshServerAlgorithms for the target SSH server. The resulting hassh is compared against a list of known hasshServer values to attempt to identify the server.

Basic usage:

 % nmap --script ssh-hassh.nse -p 22  192.168.10.136

Starting Nmap 7.60 ( https://nmap.org ) at 2019-09-30 20:45 PDT
Nmap scan report for mikrotik.planethacker.net (192.168.10.136)
Host is up (0.0063s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hassh:
|   Server Identification String: SSH-2.0-ROSSSH
|   hasshServer: 592ac2fb1645c3dc26ede0a59cd46957
|_  hasshServer Guess: SSH-2.0-ROSSSH (100%)

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

A database file can be specified. See Nmap Documentation for more info on how Nmap handles custom data files. Generally, placing databases in /usr/share/nmap/nselib/data/ will work:

 % nmap --script ssh-hassh.nse --script-args database=hasshd 192.168.10.136

The client's identification string can also be specified if you want to use something other than the default value of SSH-2.0-Nmap-SSH-HASSH. Note: the string must be formatted correctly, as SSH-VERSION-STRING:

 % nmap --script ssh-hassh.nse --script-args client_string=SSH-2.0-asdf -p 22 192.168.10.136

Increasing the verbosity with -v will display the algorithms:

 % nmap --script ssh-hassh.nse -p 22 --open -Pn 192.168.10.136 -oX test.xml -v

...snip...

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hassh:
|   Server Identification String: SSH-2.0-ROSSSH
|   hasshServer: 592ac2fb1645c3dc26ede0a59cd46957
|   hasshServer Guess: SSH-2.0-ROSSSH (100%)
|_  hasshServer Algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc;hmac-sha1,hmac-md5;none

...snip...

Increasing the verbosity further with -vv will list the algorithms by category:

 % nmap --script ssh-hassh.nse -p 22 --open -Pn 192.168.10.136 -oX test.xml -vv

...snip...

PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
| ssh-hassh:
|   Server Identification String: SSH-2.0-ROSSSH
|   hasshServer: 592ac2fb1645c3dc26ede0a59cd46957
|   hasshServer Guess: SSH-2.0-ROSSSH (100%)
|   kex_algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
|   encryption_algorithms: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
|   mac_algorithms: hmac-sha1,hmac-md5
|   compression_algorithms: none
|_  server_host_key_algorithms: ssh-dss,ssh-rsa

...snip...
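
The following is an added example, not part of hassh-utils: it parses the -vv output shown above, rebuilds the hasshServer input string (which excludes server_host_key_algorithms), hashes it with MD5 as HASSH defines, and flags a banner that disagrees with a baseline entry. The sample banner is altered on purpose, and the BASELINE dict and function names are assumptions.

```python
import hashlib
import re

# Constructed sample: the -vv script output from this page, with the banner
# line changed to another product to simulate a rewritten identification string.
SAMPLE = """\
|   Server Identification String: SSH-2.0-OpenSSH_7.4
|   hasshServer: 592ac2fb1645c3dc26ede0a59cd46957
|   kex_algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
|   encryption_algorithms: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
|   mac_algorithms: hmac-sha1,hmac-md5
|   compression_algorithms: none
|_  server_host_key_algorithms: ssh-dss,ssh-rsa
"""

# Hypothetical baseline (hasshServer -> expected banner prefix); the single
# entry is taken from the scan output on this page.
BASELINE = {"592ac2fb1645c3dc26ede0a59cd46957": "SSH-2.0-ROSSSH"}

# Field order of the hasshServer input; host key algorithms are not part of it.
HASSH_FIELDS = ("kex_algorithms", "encryption_algorithms",
                "mac_algorithms", "compression_algorithms")

def parse_ssh_hassh(text):
    """Return {field: value} for each 'key: value' line of the script output."""
    rows = (re.match(r"^\|_?\s+([^:]+):\s*(.+)$", ln) for ln in text.splitlines())
    return {m.group(1).strip(): m.group(2).strip() for m in rows if m}

def hassh_algorithms(fields):
    """Join the four algorithm lists with ';' in HASSH order."""
    return ";".join(fields[name] for name in HASSH_FIELDS)

def hassh_server(fields):
    """MD5 hex digest of the algorithm string."""
    return hashlib.md5(hassh_algorithms(fields).encode("ascii")).hexdigest()

def check_banner(fields, baseline=BASELINE):
    """Return a finding when the banner disagrees with the baseline, else None."""
    expected = baseline.get(fields["hasshServer"])
    banner = fields["Server Identification String"]
    if expected is None:
        return "unknown hasshServer: review before adding to baseline"
    if not banner.startswith(expected):
        return f"banner {banner!r} does not match baseline {expected!r}"
    return None

if __name__ == "__main__":
    parsed = parse_ssh_hassh(SAMPLE)
    print(hassh_algorithms(parsed), hassh_server(parsed), check_banner(parsed), sep="\n")
```

A server whose banner has been edited still negotiates the same algorithm lists, which is why the fingerprint and the banner can disagree.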