description	This guide covers best-practices for SSH scanning, understanding the different types of SSH scanning techniques, and how to securely use them in a penetration testing environment.
cover	../.gitbook/assets/SSH Penetration Testing.png
coverY	0

Scanning

Check authentication methods

nmap -p22 <ip> --script ssh-auth-methods --script-args="ssh.user=root

Send default nmap scripts for SSH

nmap -p22 <ip> -sC

Retrieve version

nmap -p22 <ip> -sV

Retrieve SSH version using Metaploit

auxiliary/scanner/ssh/ssh_version
msf auxiliary(ssh_version) > set rhosts 192.168.1.17
msf auxiliary(ssh_version) > set rport 22
msf auxiliary(ssh_version) > exploit

Retrieve supported algorithms

nmap -p22 <ip> --script ssh2-enum-algos

Retrieve weak keys

nmap -p22 <ip> --script ssh-hostkey --script-args ssh_hostkey=full

{% embed url="https://cli-ck.me/haiku" %}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scanning

Check authentication methods

Send default nmap scripts for SSH

Retrieve version

Retrieve SSH version using Metaploit

Retrieve supported algorithms

Retrieve weak keys

FilesExpand file tree

scanning.md

Latest commit

History

scanning.md

File metadata and controls

Scanning

Check authentication methods

Send default nmap scripts for SSH

Retrieve version

Retrieve SSH version using Metaploit

Retrieve supported algorithms

Retrieve weak keys