Description of problem: nmap seems to be build without SSH2 support. However, the NSE & LUA scripts are included in the RPM. This may lead to confusion. How reproducible: 100% Steps to Reproduce: 1. check nmap status [root@rhel8-1 nmap]# nmap -V | grep without Compiled without: libssh2 libz 2. check ssh2 related files included in the RPM [root@rhel8-1 nmap]# rpm -ql nmap | grep ssh /usr/share/nmap/nselib/libssh2-utility.lua /usr/share/nmap/nselib/libssh2.luadoc /usr/share/nmap/nselib/ssh1.lua /usr/share/nmap/nselib/ssh2.lua /usr/share/nmap/scripts/ssh-auth-methods.nse /usr/share/nmap/scripts/ssh-brute.nse /usr/share/nmap/scripts/ssh-hostkey.nse /usr/share/nmap/scripts/ssh-publickey-acceptance.nse /usr/share/nmap/scripts/ssh-run.nse /usr/share/nmap/scripts/ssh2-enum-algos.nse /usr/share/nmap/scripts/sshv1.nse 3. Try to call the ssh-* scripts $ nmap -vvv -d -sS -p2200 -sV --version-light -sC --script=ssh-publickey-acceptance,ssh-auth-methods -oA ssh-test localhost Actual results: ``` Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-14 05:23 EDT [...] NSE: Using Lua 5.3. NSE: Arguments from CLI: NSE: module 'libssh2' not found: NSE failed to find nselib/libssh2.lua in search paths. no field package.preload['libssh2'] no file '/usr/local/share/lua/5.3/libssh2.lua' no file '/usr/local/share/lua/5.3/libssh2/init.lua' no file '/usr/local/lib/lua/5.3/libssh2.lua' no file '/usr/local/lib/lua/5.3/libssh2/init.lua' no file './libssh2.lua' no file './libssh2/init.lua' no file '/usr/local/lib/lua/5.3/libssh2.so' no file '/usr/local/lib/lua/5.3/loadall.so' no file './libssh2.so' stack traceback: /usr/bin/../share/nmap/nse_main.lua:293: in function 'stdnse.silent_require' /usr/bin/../share/nmap/nselib/libssh2-utility.lua:14: in main chunk [C]: in function 'require' /usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:3: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:1> NSE: Failed to load '/usr/bin/../share/nmap/scripts/ssh-auth-methods.nse'. NSE: module 'libssh2' not found: NSE failed to find nselib/libssh2.lua in search paths. no field package.preload['libssh2'] no file '/usr/local/share/lua/5.3/libssh2.lua' no file '/usr/local/share/lua/5.3/libssh2/init.lua' no file '/usr/local/lib/lua/5.3/libssh2.lua' no file '/usr/local/lib/lua/5.3/libssh2/init.lua' no file './libssh2.lua' no file './libssh2/init.lua' no file '/usr/local/lib/lua/5.3/libssh2.so' no file '/usr/local/lib/lua/5.3/loadall.so' no file './libssh2.so' stack traceback: /usr/bin/../share/nmap/nse_main.lua:293: in function 'stdnse.silent_require' /usr/bin/../share/nmap/nselib/libssh2-utility.lua:14: in main chunk [C]: in function 'require' /usr/bin/../share/nmap/scripts/ssh-publickey-acceptance.nse:9: in function </usr/bin/../share/nmap/scripts/ssh-publickey-acceptance.nse:1> ``` Expected results: => The scripts requiring the missing libssh2 module should not be included in the RPM, since they can not be used. Additional info: libssh2-utility requires libssh2, which is omitted in the build. Thus all scripts requiring libssh2-utility will fail. I think the following files can be removed : ssh-auth-methods.nse ssh-brute.nse ssh-publickey-acceptance.nse ssh-run.nse libssh2-utility.lua
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.