SSH
Secure Shell protocol (port 22)
nmap
to scan all the algo that are supported by the SSH server
nmap -p22 $IP --script ssh2-enum-aglos
to get host key
nmap -p22 $IP --script ssh-hostkey --script-args ssh_hostkey=full
#again.... -sC does this for us.
to check what auth methods is there for a user
ssh -p22 $IP --script ssh-auth-methods --script-args="ssh.user=username"
bruteforce a user
nmap $IP -p22 --scrip ssh-brute --script-args userdb=/path/to/username(s).txt
hydra
bruteforce a user
hydra -l $username -P /path/to/wordlist $IP ssh
msfconsole
bruteforce a user
use auxiliary/scanner/ssh/ssh_login
#options
set RHOSTS $IP
set userpass_file /path/to/wordlist
set STOP_ON_SUCESS true
Last updated