This repository has been archived by the owner on Jan 24, 2022. It is now read-only.

ssh_scan result parsing cheat sheet

Jonathan Claudius edited this page Mar 24, 2017 · 1 revision

At times, you'll want to explore the ssh_scan results you get, and perhaps produce output for other tools that don't understand JSON, or simply for human consumption.

This page describes some of the more common things people want to pull out of scan results...

Give me a list of IPs that allow password authentication?

jq -r '.[] | select(.auth_methods[]? | contains("password")) | .ip' < ssh_scan.json
192.168.1.1
192.168.1.2
192.168.1.3
...

Give me a list of all IPs and their SSH Banners?

jq -r '.[] | "\(.ip),\(.server_banner)"' < ssh_scan.json
192.168.1.1,SSH-2.0-OpenSSH_6.6.1
192.168.1.2,SSH-2.0-cryptlib
192.168.1.3,SSH-1.99-OpenSSH_5.3
...
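
For feeding a tool that wants CSV rather than JSON, both queries above can be combined into one report. This is an added example, not part of ssh_scan or the original page; it assumes only the `ip`, `server_banner` and `auth_methods` fields used above, the sample data is constructed, and the function names are hypothetical.

```python
import csv
import io
import json

# Constructed sample in the shape the jq queries above expect: a JSON array of
# per-host objects with "ip", "server_banner" and (sometimes) "auth_methods".
# The fourth banner is made up to show quoting of a value containing a comma.
SAMPLE = json.loads("""
[
  {"ip": "192.168.1.1", "server_banner": "SSH-2.0-OpenSSH_6.6.1",
   "auth_methods": ["publickey", "password"]},
  {"ip": "192.168.1.2", "server_banner": "SSH-2.0-cryptlib",
   "auth_methods": ["publickey"]},
  {"ip": "192.168.1.3", "server_banner": "SSH-1.99-OpenSSH_5.3",
   "auth_methods": ["publickey", "keyboard-interactive", "password"]},
  {"ip": "192.168.1.4", "server_banner": "SSH-2.0-Example, build 7"}
]
""")


def summarize(results):
    """Return one (ip, banner, password_auth) row per scanned host."""
    rows = []
    for host in results:
        # Some entries may have no auth_methods key (the jq query guards this
        # with `[]?`); treat a missing or null value as an empty list.
        methods = host.get("auth_methods") or []
        # Exact match on the method name, where jq's contains() on a string
        # is a substring test.
        password = "yes" if "password" in methods else "no"
        rows.append((host.get("ip", ""), host.get("server_banner", ""), password))
    return rows


def to_csv(rows):
    """Render rows as CSV; the csv module quotes banners containing commas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(("ip", "server_banner", "password_auth"))
    writer.writerows(rows)
    return buf.getvalue()


def password_hosts(results):
    """IPs that offer password authentication (first query on this page)."""
    return [ip for ip, _, pw in summarize(results) if pw == "yes"]


if __name__ == "__main__":
    print(to_csv(summarize(SAMPLE)), end="")
```

To run it against a real scan, replace `SAMPLE` with `json.load(open("ssh_scan.json"))`.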