NMAP - Banner Check
Sub-playbook that performs an Nmap scan and compares the results against a regular expression to determine a match. This could be used to look for OpenSSH versions or other OS information found in the banner.
Nmap · 11 tasks · 4 inputs · 3 outputs
Inputs
RemoteIP— Remote IP address in an incident/alert.RemotePort— Remote port number in an incident/alert.Regex— Regular expression to compare against the banner for a match.NMAPOptions— Options to be used for Nmap scan. (We do "--script=banner -p<RemotePort>" by default and recommend using "-Pn" to skip a ping check.)
Outputs
ScanResult— The result of the scan (if done).ScanDone— Whether a scan was actually performed (based on subtypes).NMAP.Scan— NMAP scan data
Commands used
nmap-scan