ssh-default-banners

Default SSH banner responses

List of default banner responses for Ubuntu, FreeBSD, and Debian.

ssh-os.nse:

Identifies Ubuntu, FreeBSD, or Debian version based on response of SSH banner.

Refer to ssh-os.nse for specific versions detected.

Note: The accuracy of the response is based on the default banner response. A number of scenarios may provide an inaccurate result from the target host:

• different OpenSSH version or alternative SSH server installed
• edited/omitted banner via sshd_config
• hexedit of OpenSSH binary; modified banner
• recompiled OpenSSH

Usage:

nmap -p22 -sV --script ssh-os.nse <target>
  OR
nmap -p <port number> -sV --script ssh-os.nse <target>

Medium Post:

https://medium.com/@richlam.dev/nmap-ubuntu-debian-freebsd-version-discovery-ssh-oh-ece7e46af26e

Nmap Pull Request:

nmap/nmap#1728

Some banners from:

https://github.com/rapid7/recog/blob/master/xml/ssh_banners.xml

TODO:

1. Update FreeBSD SSH banner recognition to regex entire banner response; this will better distinguish between FreeBSD versions.

2. Update Raspbian versions. (probably will never happen)