arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

feature-request : support options in any order #41

Open noraj opened 5 years ago

noraj commented 5 years ago

Warning: read the update section.

related to https://github.com/arthepsy/ssh-audit/issues/37

ssh-audit displays the wrong banner instead of displaying the real one or saying it doesn't know this one:

ssh-audit x.x.x.x -p 2222
# general
(gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
(gen) software: OpenSSH 7.2p2
(gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
(gen) compression: enabled (zlib@openssh.com)

But when doing ssh -v or sftp -v (because it is an SFTP server) I can see: debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.9.

To be sure I used nmap:

nmap -Pn -p 2222 x.x.x.x -sVC
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-28 11:06 CET
Nmap scan report for x.com (x.x.x.x)
Host is up (0.023s latency).

PORT     STATE SERVICE VERSION
2222/tcp open  ssh     ProFTPD mod_sftp 0.9.9 (protocol 2.0)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.67 seconds

So:

  1. You need to display the real banner, the one grabbed, not make an internal match or something and display a wrong banner when the SSH provider is not known to ssh-audit, because it can lead to severe mistakes.
  2. As #37 said, add mod_sftp support (module sftp support in ProFTPD).

Update: Also a real SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6 is running on port 22, so I suspect that ssh-audit is ignoring the option for port 2222.

https://github.com/arthepsy/ssh-audit/blob/22b671e15f0c8acdaed8594d0a8ae9f7c3303452/ssh-audit.py#L155-L185

==> This is it: if I put ssh-audit -p 2222 x.x.x.x instead of ssh-audit x.x.x.x -p 2222, I have the good banner:

(gen) banner: SSH-2.0-mod_sftp/0.9.9
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com, zlib)

So I suggest supporting options in any order, even after the host, like nmap and many other tools do.
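The failure mode reported above (an option placed after the host is silently dropped, so the tool audits port 22 instead of 2222) is exactly what Python's standard getopt.getopt() does: it stops option processing at the first non-option argument. The following is an added example, not ssh-audit's own code, and it assumes only that ssh-audit's parser behaves like getopt.getopt(); it contrasts that with getopt.gnu_getopt(), which permutes the argument vector the way nmap does, and adds a check that refuses to run when unparsed option-looking arguments are left over, so a misplaced -p fails loudly instead of auditing the wrong service.

```python
import getopt

DEFAULT_PORT = 22


def parse_args(argv, gnu_style=False):
    """Parse ssh-audit-like arguments: [-p PORT] HOST or HOST [-p PORT].

    gnu_style=False uses getopt.getopt(), which stops at the first
    non-option argument, so '-p 2222' after the host is never seen as an
    option and stays in the positional list.
    gnu_style=True uses getopt.gnu_getopt(), which accepts options anywhere.
    Returns a dict with host, port and any leftover positional arguments.
    (Hypothetical helper written for this example.)
    """
    parser = getopt.gnu_getopt if gnu_style else getopt.getopt
    opts, args = parser(argv, 'p:')
    port = DEFAULT_PORT
    for opt, val in opts:
        if opt == '-p':
            port = int(val)
    if not args:
        raise ValueError('missing host')
    host, *leftover = args
    return {'host': host, 'port': port, 'leftover': leftover}


def has_unparsed_options(parsed):
    """True if something that looks like an option survived parsing.

    A defensive check: silently ignoring '-p 2222' means auditing the wrong
    service, so a tool should refuse to continue rather than guess.
    """
    return any(arg.startswith('-') for arg in parsed['leftover'])


if __name__ == '__main__':
    # Constructed sample command lines mirroring the issue report.
    argv_after = ['x.x.x.x', '-p', '2222']
    argv_before = ['-p', '2222', 'x.x.x.x']
    for argv in (argv_after, argv_before):
        strict = parse_args(argv)
        gnu = parse_args(argv, gnu_style=True)
        print(argv, '-> getopt:', strict, 'unparsed:', has_unparsed_options(strict))
        print(argv, '-> gnu_getopt:', gnu, 'unparsed:', has_unparsed_options(gnu))
```

With getopt.getopt(), the first command line yields port 22 and leftover ['-p', '2222'], which is the silent misparse the report describes; with getopt.gnu_getopt() both orderings yield port 2222 and no leftovers. argparse shows the same permissive behaviour by default, so either is a drop-in way to accept options after the host.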