Nmap ssh-run NSE Script
This page contains detailed information about how to use the ssh-run NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Select: |
---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/ssh-run.nse
Script categories: intrusive
Target service / protocol: ssh
Target network port(s): 22
List of CVEs: -
Script Description
The ssh-run.nse script runs remote command on ssh server and returns command output.
Ssh-run NSE Script Arguments
This is a full list of arguments supported by the ssh-run.nse script:
ssh-run.cmdCommand to run on remote server
ssh-run.passphrasePassphrase for privatekey if using publickey authentication
ssh-run.passwordPassword to use if using password authentication
ssh-run.privatekeyPrivatekeyfile to use if using publickey authentication
ssh-run.usernameUsername to authenticate as
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..]
syntax. For example:
nmap --script=ssh-run --script-args ssh-run.cmd=value,ssh-run.passphrase=value <target>
Ssh-run NSE Script Example Usage
Here's an example of how to use the ssh-run.nse script:
nmap -p 22 --script=ssh-run \
--script-args="ssh-run.cmd=ls -l /, ssh-run.username=myusername, ssh-run.password=mypassword" <target>
Ssh-run NSE Script Example Output
Here's a sample output from the ssh-run.nse script:
22/tcp open ssh
| ssh-run:
| output:
| total 91
| drwxr-xr-x 2 root root 4096 Jun 5 11:56 bin
| drwxr-xr-x 4 root root 3072 Jun 5 12:42 boot
| drwxrwxr-x 2 root root 4096 Jun 22 2017 cdrom
| drwxr-xr-x 20 root root 4060 Jun 23 10:26 dev
| drwxr-xr-x 127 root root 12288 Jun 5 11:56 etc
| drwxr-xr-x 3 root root 4096 Jun 22 2017 home
....
|_ drwxr-xr-x 13 root root 4096 Jul 20 2016 var
Ssh-run NSE Script Example XML Output
Here's a sample XML output from the ssh-run.nse script produced by providing the -oX <file>
Nmap option:
<elem key="output">total 91\x0D
drwxr-xr-x 2 root root 4096 Jun 5 11:56 bin\x0D
drwxr-xr-x 4 root root 3072 Jun 5 12:42 boot\x0D
drwxrwxr-x 2 root root 4096 Jun 22 2017 cdrom\x0D
drwxr-xr-x 20 root root 4060 Jun 23 10:26 dev\x0D
drwxr-xr-x 127 root root 12288 Jun 5 11:56 etc\x0D
drwxr-xr-x 3 root root 4096 Jun 22 2017 home\x0D
....\x0D
drwxr-xr-x 13 root root 4096 Jul 20 2016 var\x0D
</elem>
Author
- Devin Bjelland
References
- https://nmap.org/nsedoc/scripts/ssh-run.html
- https://github.com/nmap/nmap/tree/master/scripts/ssh-run.nse
See Also
Related NSE scripts to the ssh-run.nse script:
- ssh2-enum-algos.nse
- ssh-auth-methods.nse
- ssh-brute.nse
- ssh-hostkey.nse
- ssh-publickey-acceptance.nse
- sshv1.nse
Visit Nmap NSE Library for more scripts.
The ssh-run.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to connect to ssh server
Here is a relevant code snippet related to the "Failed to connect to ssh server" error message:
60: end
61:
62: function action (host, port)
63: local conn = libssh2_util.SSHConnection:new()
64: if not conn:connect(host, port) then
65: return "Failed to connect to ssh server"
66: end
67: if username and password and cmd then
68: if not conn:password_auth(username, password) then
69: conn:disconnect()
70: stdnse.verbose "Failed to authenticate"
Failed to authenticate
Here is a relevant code snippet related to the "Failed to authenticate" error message:
65: return "Failed to connect to ssh server"
66: end
67: if username and password and cmd then
68: if not conn:password_auth(username, password) then
69: conn:disconnect()
70: stdnse.verbose "Failed to authenticate"
71: return "Authentication Failed"
72: else
73: stdnse.verbose "Authenticated"
74: end
75: elseif username and privatekey and cmd then
Authentication Failed
Here is a relevant code snippet related to the "Authentication Failed" error message:
66: end
67: if username and password and cmd then
68: if not conn:password_auth(username, password) then
69: conn:disconnect()
70: stdnse.verbose "Failed to authenticate"
71: return "Authentication Failed"
72: else
73: stdnse.verbose "Authenticated"
74: end
75: elseif username and privatekey and cmd then
76: if not conn:publickey_auth(username, privatekey, passphrase) then
Failed to authenticate
Here is a relevant code snippet related to the "Failed to authenticate" error message:
73: stdnse.verbose "Authenticated"
74: end
75: elseif username and privatekey and cmd then
76: if not conn:publickey_auth(username, privatekey, passphrase) then
77: conn:disconnect()
78: stdnse.verbose "Failed to authenticate"
79: return "Authentication Failed"
80: else
81: stdnse.verbose "Authenticated"
82: end
83:
Authentication Failed
Here is a relevant code snippet related to the "Authentication Failed" error message:
74: end
75: elseif username and privatekey and cmd then
76: if not conn:publickey_auth(username, privatekey, passphrase) then
77: conn:disconnect()
78: stdnse.verbose "Failed to authenticate"
79: return "Authentication Failed"
80: else
81: stdnse.verbose "Authenticated"
82: end
83:
84: else
Failed to specify credentials and command to run.
Here is a relevant code snippet related to the "Failed to specify credentials and command to run." error message:
80: else
81: stdnse.verbose "Authenticated"
82: end
83:
84: else
85: stdnse.verbose "Failed to specify credentials and command to run."
86: return "Failed to specify credentials and command to run."
87: end
88: stdnse.verbose("Running command: " .. cmd)
89: local output, err_output = conn:run_remote(cmd)
90: stdnse.verbose("Output of command: " .. output)
Failed to specify credentials and command to run.
Here is a relevant code snippet related to the "Failed to specify credentials and command to run." error message:
81: stdnse.verbose "Authenticated"
82: end
83:
84: else
85: stdnse.verbose "Failed to specify credentials and command to run."
86: return "Failed to specify credentials and command to run."
87: end
88: stdnse.verbose("Running command: " .. cmd)
89: local output, err_output = conn:run_remote(cmd)
90: stdnse.verbose("Output of command: " .. output)
91:
Version
This page has been created based on Nmap version 7.92.
Go back to menu.