Default SSH banner responses
List of default banner responses for Debian, Ubuntu, and FreeBSD
Identifies Ubuntu, FreeBSD, or Debian version based on response of SSH banner.
Identifies the following versions:
Ubuntu 4.10 to 24.10
FreeBSD 4.3 to 14.1-RELEASE
Debian 3.x to 12.x
Raspbian 7.x to 11.x (tentative 11.x version recognition)
Note: The accuracy of the response is based on the default banner response. A number of scenarios may provide an inaccurate result from the target host:
- different OpenSSH version or alternative SSH server installed
- edited/omitted banner via sshd_config
- hexedit of OpenSSH binary; modified banner
- recompiled OpenSSH
nmap -p22 -sV --script ssh-os.nse <target>
OR
nmap -p <port number> -sV --script ssh-os.nse <target>
https://medium.com/@richlam.dev/nmap-ubuntu-debian-freebsd-version-discovery-ssh-oh-ece7e46af26e
https://github.com/rapid7/recog/blob/master/xml/ssh_banners.xml
-
Update FreeBSD SSH banner recognition to regex entire banner response; this will better distinguish between FreeBSD versions.
-
Migrate banner lookup references from within the script to external files. Eventually, the number of lookup tables within the script will be too unwieldly.