2015-12-23 03:56:13 +01:00
|
|
|
# ssh-audit
|
2015-12-23 04:52:21 +01:00
|
|
|
**ssh-audit** is a tool for ssh server auditing.
|
|
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
- grab banner, detect ssh1 protocol and zlib compression;
|
|
|
|
|
- gather key-exchange, host-key, encryption and message authentication code algorithms;
|
|
|
|
|
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
|
2015-12-30 12:17:58 +01:00
|
|
|
- historical information from OpenSSH and Dropbear SSH;
|
2015-12-30 16:01:11 +01:00
|
|
|
- no dependencies, compatible with python2 and python3;
|
2015-12-23 04:52:21 +01:00
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
```
|
|
|
|
|
usage: ssh-audit.py [-nv] host[:port]
|
|
|
|
|
|
|
|
|
|
-v verbose
|
|
|
|
|
-n disable colors
|
|
|
|
|
```
|
|
|
|
|
Verbose flag will fill each row, i.e, not leave blanks, for easier usage with _batch_ scripts or with manual grepping.
|
|
|
|
|
|
|
|
|
|
### example
|
2016-01-05 17:13:46 +01:00
|
|
|
|
2015-12-23 04:52:21 +01:00
|
|
|
|
|
|
|
|
## ChangeLog
|
2016-03-07 12:01:57 +01:00
|
|
|
### v1.0.20160207
|
|
|
|
|
- use OpenSSH 7.2 banner
|
|
|
|
|
- additional warnings for OpenSSH 7.2
|
|
|
|
|
- fix OpenSSH 7.0 failure messages
|
|
|
|
|
- add rijndael-cbc failure message from OpenSSH 6.7
|
|
|
|
|
|
2016-01-05 13:14:50 +01:00
|
|
|
### v1.0.20160105
|
2016-01-05 17:04:49 +01:00
|
|
|
- multiple additional warnings
|
|
|
|
|
- support for none algorithm
|
2016-01-05 13:14:50 +01:00
|
|
|
- better compression handling
|
|
|
|
|
- ensure reading enough data (fixes few Linux SSH)
|
|
|
|
|
|
2015-12-30 12:17:58 +01:00
|
|
|
### v1.0.20151230
|
|
|
|
|
- Dropbear SSH support
|
|
|
|
|
|
2015-12-23 04:52:21 +01:00
|
|
|
### v1.0.20151223
|
|
|
|
|
- initial version
|
