SSH mixin: New functions to help populate workspaces#21479
Open
g0tmi1k wants to merge 8 commits into
Open
Conversation
g0tmi1k
force-pushed
the
ssh_mixin
branch
3 times, most recently
from
30284d1 to
6672698
Compare
Contributor
Author
|
Before: Before$ git checkout master
Switched to branch 'master'
Your branch is up to date with 'origin/master'.
$ ./msfconsole -q -x 'workspace -D;
use auxiliary/scanner/ssh/ssh_version;
set RHOSTS 10.0.0.10;
run;'
[...]
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 1 1 0 0 0
msf auxiliary(scanner/ssh/ssh_version) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.10 Linux 8.04 server
msf auxiliary(scanner/ssh/ssh_version) > services
Services
========
host port proto name state info resource parents
---- ---- ----- ---- ----- ---- -------- -------
10.0.0.10 22 tcp ssh open SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 {}
msf auxiliary(scanner/ssh/ssh_version) >After$ git checkout ssh_mixin
Switched to branch 'ssh_mixin'
Your branch is up to date with 'origin/ssh_mixin'.
$ ./msfconsole -q -x 'workspace -D;
use auxiliary/scanner/ssh/ssh_version;
set RHOSTS 10.0.0.10;
run;'
[...]
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 2 1 0 0 2
msf auxiliary(scanner/ssh/ssh_version) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.10 Linux Ubuntu 8.04 server
msf auxiliary(scanner/ssh/ssh_version) > services
Services
========
host port proto name state info resource parents
---- ---- ----- ---- ----- ---- -------- -------
10.0.0.10 22 tcp ssh open SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 {} tcp (22/tcp)
10.0.0.10 22 tcp tcp open {}
msf auxiliary(scanner/ssh/ssh_version) > notes
Notes
=====
Time Host Service Port Protocol Type Data
---- ---- ------- ---- -------- ---- ----
2026-05-19 16:02:46 UTC 10.0.0.10 ssh 22 tcp ssh.cpe {:cpe=>"cpe:/o:canonical:ubuntu_linux:8.04"}
2026-05-19 16:02:46 UTC 10.0.0.10 ssh 22 tcp ssh.hostkey {:type=>"ssh-rsa", :fingerprint=>"SHA256:BQHm5EoHX9GCiOLuVscegPXLQOsuPs+E9d/rrJB84rk"}
msf auxiliary(scanner/ssh/ssh_version) > |
Contributor
Author
|
Also have it reporting_host:
Before
msf auxiliary(scanner/ssh/ssh_version) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ssh/ssh_version) > set RPORT 21
RPORT => 21
msf auxiliary(scanner/ssh/ssh_version) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 0 0 0 0 0 0
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > set RPORT 999
RPORT => 999
msf auxiliary(scanner/ssh/ssh_version) > run
[*] Error: 10.0.0.10: Errno::ECONNREFUSED Connection refused - connect(2) for 10.0.0.10:999
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 0 0 0 0 0 0
msf auxiliary(scanner/ssh/ssh_version) >After
msf auxiliary(scanner/ssh/ssh_version) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ssh/ssh_version) > set RPORT 21
RPORT => 21
msf auxiliary(scanner/ssh/ssh_version) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 1 0 0 0 0
msf auxiliary(scanner/ssh/ssh_version) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.10 Unknown device
msf auxiliary(scanner/ssh/ssh_version) > services
Services
========
host port proto name state info resource parents
---- ---- ----- ---- ----- ---- -------- -------
10.0.0.10 21 tcp open {}
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ssh/ssh_version) > set RPORT 999
RPORT => 999
msf auxiliary(scanner/ssh/ssh_version) > run
[*] Error: 10.0.0.10: Errno::ECONNREFUSED Connection refused - connect(2) for 10.0.0.10:999
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 0 0 0 0 0
msf auxiliary(scanner/ssh/ssh_version) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.10
msf auxiliary(scanner/ssh/ssh_version) > |
g0tmi1k
force-pushed
the
ssh_mixin
branch
3 times, most recently
from
80cfdae to
5ee027a
Compare
And stop phantom service creation from `parents:` on port/proto lookup: ./lib/msf/core/db_manager/service.rb
g0tmi1k
force-pushed
the
ssh_mixin
branch
3 times, most recently
from
21dcd37 to
dea61ff
Compare
…en host up, service down
For Msf::Auxiliary::ReportSummary and otherwise there is a ghost/phantom unnamed service entry due to infer_vuln_from_session() -> find_by_port()
This was referenced May 26, 2026
This was referenced May 26, 2026
g0tmi1k
changed the title
Contributor
Author
|
Think I've finished tweaking with this PR! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds various new functions, with the goal to help auto update/populate the workspace:
connect_ssh()connect_ssh_transport()grab_ssh_banner()report_ssh_host()-report_host()&report_note(ssh.cpe)via Recog (same as FTP mixin)report_ssh_hostkeys()-report_note(ssh.hostkey)report_ssh_service()-report_service()All modules to use
connect_ssh()&connect_ssh_transport()were applicable.Examples of this being used:
This is a little older demo
Before
10.0.0.10(Metasploitable 2)After