mirror of https://github.com/jtesta/ssh-audit.git
The -p/--port option will now set the default port for multi-host scans (specified with -T/--targets). (#294)
parent
ea3258151e
commit
6d57c7c0f7
|
@ -222,6 +222,7 @@ For convenience, a web front-end on top of the command-line tool is available at
|
|||
- Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB).
|
||||
- Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o).
|
||||
- Fixed invalid JSON output when a socket error occurs while performing a client audit.
|
||||
- When scanning multiple targets (using `-T`/`--targets`), the `-p`/`--port` option will now be used as the default port (set to 22 if `-p`/`--port` is not given). Hosts specified in the file can override this default with an explicit port number (i.e.: "host1:1234"). For example, when using `-T targets.txt -p 222`, all hosts in `targets.txt` that do not explicitly include a port number will default to 222; when using `-T targets.txt` (without `-p`), all hosts will use a default of 22.
|
||||
- Added 1 new cipher: `grasshopper-ctr128`.
|
||||
- Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`.
|
||||
|
||||
|
|
|
@ -130,7 +130,7 @@ def usage(uout: OutputBuffer, err: Optional[str] = None) -> None:
|
|||
uout.info(' -P, --policy=<policy.txt> run a policy test using the specified policy')
|
||||
uout.info(' --skip-rate-test skip the connection rate test during standard audits\n (used to safely infer whether the DHEat attack\n is viable)')
|
||||
uout.info(' -t, --timeout=<secs> timeout (in seconds) for connection and reading\n (default: 5)')
|
||||
uout.info(' -T, --targets=<hosts.txt> a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use --threads\n to control concurrent scans.')
|
||||
uout.info(' -T, --targets=<hosts.txt> a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use -p/--port\n to set the default port for all hosts. Use\n --threads to control concurrent scans.')
|
||||
uout.info(' --threads=<threads> number of threads to use when scanning multiple\n targets (-T/--targets) (default: 32)')
|
||||
uout.info(' -v, --verbose verbose output')
|
||||
uout.sep()
|
||||
|
@ -1587,10 +1587,10 @@ def main() -> int:
|
|||
if aconf.json:
|
||||
print('[', end='')
|
||||
|
||||
# Loop through each target in the list.
|
||||
# Loop through each target in the list. Entries can specify a port number to use, otherwise the value provided on the command line (--port=N) will be used by default (set to 22 if --port is not used).
|
||||
target_servers = []
|
||||
for _, target in enumerate(aconf.target_list):
|
||||
host, port = Utils.parse_host_and_port(target, default_port=22)
|
||||
host, port = Utils.parse_host_and_port(target, default_port=aconf.port)
|
||||
target_servers.append((host, port))
|
||||
|
||||
# A ranked list of return codes. Those with higher indices will take precedence over lower ones. For example, if three servers are scanned, yielding WARNING, GOOD, and UNKNOWN_ERROR, the overall result will be UNKNOWN_ERROR, since its index is the highest. Errors have highest priority, followed by failures, then warnings.
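Review bot: In the main() hunk, `default_port=aconf.port` makes every port-less entry in the targets file depend on `aconf.port` already holding a validated value. The new comment's promise of "set to 22 if --port is not used" holds only if the option parser has defaulted it before this loop, and that code is outside the hunk (main() begins and ends outside it), so it should be confirmed. If the default can be left unset or differ by mode, hosts would be audited on an unintended port and the report would give a false sense of coverage. A regression test that runs `-T` with and without `-p`, including an entry with an explicit `host:port` override, would pin the documented behaviour. The added comment is also one very long line; wrapping it, e.g. `# Entries may carry their own port (HOST:PORT); otherwise aconf.port applies` followed by `# (22 unless -p/--port was given).`, would keep it readable.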
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH SSH-AUDIT 1 "April 18, 2024"
|
||||
.TH SSH-AUDIT 1 "September 24, 2024"
|
||||
.SH NAME
|
||||
\fBssh-audit\fP \- SSH server & client configuration auditor
|
||||
.SH SYNOPSIS
|
||||
|
@ -149,7 +149,7 @@ The timeout, in seconds, for creating connections and reading data from the sock
|
|||
.TP
|
||||
.B -T, \-\-targets=<hosts.txt>
|
||||
.br
|
||||
A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use --threads to control concurrent scans.
|
||||
A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use -p/--port to set the default port for all hosts. Use --threads to control concurrent scans.
|
||||
|
||||
.TP
|
||||
.B \-\-threads=<threads>
|
||||
|
|