mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-21 10:01:41 +01:00
Fixed return value processing and mypy warning in algorithm_lookup(). Updated help listing, man page, and README.
This commit is contained in:
parent
86cb453928
commit
c7ad1828d8
@ -36,7 +36,8 @@ usage: ssh-audit.py [options] <host>
|
||||
-j, --json JSON output
|
||||
-l, --level=<level> minimum output level (info|warn|fail)
|
||||
-L, --list-policies list all the official, built-in policies
|
||||
--lookup=<alg> performs an algorithm lookup (accepts a comma separated list)
|
||||
--lookup=<alg1,alg2,...> looks up an algorithm(s) without
|
||||
connecting to a server
|
||||
-M, --make-policy=<policy.txt> creates a policy based on the target server
|
||||
(i.e.: the target server has the ideal
|
||||
configuration that other servers should
|
||||
@ -87,7 +88,8 @@ $ brew install ssh-audit
|
||||
### v2.2.1-dev (???)
|
||||
- Created new man page (see ssh-audit.1 file).
|
||||
- 1024-bit moduli upgraded from warnings to failures.
|
||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
|
||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00).
|
||||
- Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy).
|
||||
- Suppress recommendation of token host key types.
|
||||
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
||||
- Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
|
||||
|
@ -61,6 +61,11 @@ Specify the minimum output level. Default is info.
|
||||
.br
|
||||
List all official, built-in policies for common systems. Their file paths can then be provided using -P/--policy=<path/to/policy.txt>.
|
||||
|
||||
.TP
|
||||
.B \-\-lookup=<alg1,alg2,...>
|
||||
.br
|
||||
Look up the security information of an algorithm(s) in the internal database. Does not connect to a server.
|
||||
|
||||
.TP
|
||||
.B -M, \-\-make-policy=<policy.txt>
|
||||
.br
|
||||
|
@ -79,7 +79,7 @@ def usage(err: Optional[str] = None) -> None:
|
||||
uout.info(' -j, --json JSON output')
|
||||
uout.info(' -l, --level=<level> minimum output level (info|warn|fail)')
|
||||
uout.info(' -L, --list-policies list all the official, built-in policies')
|
||||
uout.info(' --lookup=<alg> performs an algorithm lookup (accepts a comma separated list)')
|
||||
uout.info(' --lookup=<alg1,alg2,...> looks up an algorithm(s) without\n connecting to a server')
|
||||
uout.info(' -M, --make-policy=<policy.txt> creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)')
|
||||
uout.info(' -n, --no-colors disable colors')
|
||||
uout.info(' -p, --port=<port> port to connect')
|
||||
@ -580,7 +580,7 @@ class AuditConf:
|
||||
aconf.target_file = a
|
||||
elif o in ('-L', '--list-policies'):
|
||||
aconf.list_policies = True
|
||||
elif o in ('--lookup'):
|
||||
elif o == '--lookup':
|
||||
aconf.lookup = a
|
||||
|
||||
if len(args) == 0 and aconf.client_audit is False and aconf.target_file is None and aconf.list_policies is False and aconf.lookup == '':
|
||||
@ -3722,6 +3722,8 @@ def audit(aconf: AuditConf, sshv: Optional[int] = None, print_target: bool = Fal
|
||||
|
||||
|
||||
def algorithm_lookup(alg_names: str) -> int:
|
||||
'''Looks up a comma-separated list of algorithms and outputs their security properties. Returns a PROGRAM_RETVAL_* flag.'''
|
||||
retval = PROGRAM_RETVAL_GOOD
|
||||
alg_types = {
|
||||
'kex': 'key exchange algorithms',
|
||||
'key': 'host-key algorithms',
|
||||
@ -3751,7 +3753,7 @@ def algorithm_lookup(alg_names: str) -> int:
|
||||
for alg_type in alg_types:
|
||||
if len(algorithms_dict[alg_type]) > 0:
|
||||
title = str(alg_types.get(alg_type))
|
||||
retval = output_algorithms(title, adb, alg_type, algorithms_dict[alg_type], unknown_algorithms, False, PROGRAM_RETVAL_GOOD, padding)
|
||||
retval = output_algorithms(title, adb, alg_type, list(algorithms_dict[alg_type]), unknown_algorithms, False, retval, padding)
|
||||
|
||||
algorithms_dict_flattened = [
|
||||
alg_name
|
||||
|
Loading…
Reference in New Issue
Block a user