From 6d57c7c0f7e6ddc05df9545756dc32caa66b10b3 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Tue, 24 Sep 2024 16:42:53 -0400
Subject: [PATCH] The -p/--port option will now set the default port for multi-host scans (specified with -T/--targets). (#294)
---
 README.md | 1 +
 src/ssh_audit/ssh_audit.py | 6 +++---
 ssh-audit.1 | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 469f444..28c576d 100644
--- a/README.md
+++ b/README.md
@@ -222,6 +222,7 @@ For convenience, a web front-end on top of the command-line tool is available at
 - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB).
 - Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o).
 - Fixed invalid JSON output when a socket error occurs while performing a client audit.
+ - When scanning multiple targets (using `-T`/`--targets`), the `-p`/`--port` option will now be used as the default port (set to 22 if `-p`/`--port` is not given). Hosts specified in the file can override this default with an explicit port number (i.e.: "host1:1234"). For example, when using `-T targets.txt -p 222`, all hosts in `targets.txt` that do not explicitly include a port number will default to 222; when using `-T targets.txt` (without `-p`), all hosts will use a default of 22.
 - Added 1 new cipher: `grasshopper-ctr128`.
 - Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`.
diff --git a/src/ssh_audit/ssh_audit.py b/src/ssh_audit/ssh_audit.py
index 4e5fd49..c7f22a0 100755
--- a/src/ssh_audit/ssh_audit.py
+++ b/src/ssh_audit/ssh_audit.py
@@ -130,7 +130,7 @@ def usage(uout: OutputBuffer, err: Optional[str] = None) -> None:
 uout.info(' -P, --policy= run a policy test using the specified policy')
 uout.info(' --skip-rate-test skip the connection rate test during standard audits\n (used to safely infer whether the DHEat attack\n is viable)')
 uout.info(' -t, --timeout= timeout (in seconds) for connection and reading\n (default: 5)')
- uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use --threads\n to control concurrent scans.')
+ uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use -p/--port\n to set the default port for all hosts. Use\n --threads to control concurrent scans.')
 uout.info(' --threads= number of threads to use when scanning multiple\n targets (-T/--targets) (default: 32)')
 uout.info(' -v, --verbose verbose output')
 uout.sep()
@@ -1587,10 +1587,10 @@ def main() -> int:
 if aconf.json:
 print('[', end='')
- # Loop through each target in the list.
+ # Loop through each target in the list. Entries can specify a port number to use, otherwise the value provided on the command line (--port=N) will be used by default (set to 22 if --port is not used).
 target_servers = []
 for _, target in enumerate(aconf.target_list):
- host, port = Utils.parse_host_and_port(target, default_port=22)
+ host, port = Utils.parse_host_and_port(target, default_port=aconf.port)
 target_servers.append((host, port))
 # A ranked list of return codes. Those with higher indices will take precedence over lower ones. For example, if three servers are scanned, yielding WARNING, GOOD, and UNKNOWN_ERROR, the overall result will be UNKNOWN_ERROR, since its index is the highest. Errors have highest priority, followed by failures, then warnings.
diff --git a/ssh-audit.1 b/ssh-audit.1
index 8008cc2..0968c15 100644
--- a/ssh-audit.1
+++ b/ssh-audit.1
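Review bot: In src/ssh_audit/ssh_audit.py, the changed call `Utils.parse_host_and_port(target, default_port=aconf.port)` in main() relies on `aconf.port` already holding a validated port, and the code that assigns it is outside this hunk. It is worth confirming that the `-T` path leaves it at 22 when `-p` is absent, as the new comment states, and range-checked when `-p` is given, because any other value silently becomes the port for every entry without an explicit `:PORT` and the audit would then describe the wrong service. The diffstat lists only README.md, ssh_audit.py and ssh-audit.1, so nothing pins the new default; a test that builds the target list with and without `-p` and asserts the resulting (host, port) pairs would cover it. The unchanged loop header `for _, target in enumerate(aconf.target_list):` discards the index and could simply be `for target in aconf.target_list:`. main() starts and ends outside the hunk.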
@@ -1,4 +1,4 @@
-.TH SSH-AUDIT 1 "April 18, 2024"
+.TH SSH-AUDIT 1 "September 24, 2024"
 .SH NAME
 \fBssh-audit\fP \- SSH server & client configuration auditor
 .SH SYNOPSIS
@@ -149,7 +149,7 @@ The timeout, in seconds, for creating connections and reading data from the sock
 .TP
 .B -T, \-\-targets=
 .br
-A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use --threads to control concurrent scans.
+A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use -p/--port to set the default port for all hosts. Use --threads to control concurrent scans.
 .TP
 .B \-\-threads=