Fixed return value processing and mypy warning in algorithm_lookup(). Updated help listing, man page, and README.
parent
86cb453928
commit
c7ad1828d8
@ -36,7 +36,8 @@ usage: ssh-audit.py [options] <host>
|
|||||||
-j, --json JSON output
|
-j, --json JSON output
|
||||||
-l, --level=<level> minimum output level (info|warn|fail)
|
-l, --level=<level> minimum output level (info|warn|fail)
|
||||||
-L, --list-policies list all the official, built-in policies
|
-L, --list-policies list all the official, built-in policies
|
||||||
--lookup=<alg> performs an algorithm lookup (accepts a comma separated list)
|
--lookup=<alg1,alg2,...> looks up an algorithm(s) without
|
||||||
|
connecting to a server
|
||||||
-M, --make-policy=<policy.txt> creates a policy based on the target server
|
-M, --make-policy=<policy.txt> creates a policy based on the target server
|
||||||
(i.e.: the target server has the ideal
|
(i.e.: the target server has the ideal
|
||||||
configuration that other servers should
|
configuration that other servers should
|
||||||
@ -87,7 +88,8 @@ $ brew install ssh-audit
|
|||||||
### v2.2.1-dev (???)
|
### v2.2.1-dev (???)
|
||||||
- Created new man page (see ssh-audit.1 file).
|
- Created new man page (see ssh-audit.1 file).
|
||||||
- 1024-bit moduli upgraded from warnings to failures.
|
- 1024-bit moduli upgraded from warnings to failures.
|
||||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
|
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00).
|
||||||
|
- Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy).
|
||||||
- Suppress recommendation of token host key types.
|
- Suppress recommendation of token host key types.
|
||||||
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
||||||
- Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
|
- Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
|
||||||
|
@ -61,6 +61,11 @@ Specify the minimum output level. Default is info.
|
|||||||
.br
|
.br
|
||||||
List all official, built-in policies for common systems. Their file paths can then be provided using -P/--policy=<path/to/policy.txt>.
|
List all official, built-in policies for common systems. Their file paths can then be provided using -P/--policy=<path/to/policy.txt>.
|
||||||
|
|
||||||
|
.TP
|
||||||
|
.B \-\-lookup=<alg1,alg2,...>
|
||||||
|
.br
|
||||||
|
Look up the security information of an algorithm(s) in the internal database. Does not connect to a server.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.B -M, \-\-make-policy=<policy.txt>
|
.B -M, \-\-make-policy=<policy.txt>
|
||||||
.br
|
.br
|
||||||
|
@ -79,7 +79,7 @@ def usage(err: Optional[str] = None) -> None:
|
|||||||
uout.info(' -j, --json JSON output')
|
uout.info(' -j, --json JSON output')
|
||||||
uout.info(' -l, --level=<level> minimum output level (info|warn|fail)')
|
uout.info(' -l, --level=<level> minimum output level (info|warn|fail)')
|
||||||
uout.info(' -L, --list-policies list all the official, built-in policies')
|
uout.info(' -L, --list-policies list all the official, built-in policies')
|
||||||
uout.info(' --lookup=<alg> performs an algorithm lookup (accepts a comma separated list)')
|
uout.info(' --lookup=<alg1,alg2,...> looks up an algorithm(s) without\n connecting to a server')
|
||||||
uout.info(' -M, --make-policy=<policy.txt> creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)')
|
uout.info(' -M, --make-policy=<policy.txt> creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)')
|
||||||
uout.info(' -n, --no-colors disable colors')
|
uout.info(' -n, --no-colors disable colors')
|
||||||
uout.info(' -p, --port=<port> port to connect')
|
uout.info(' -p, --port=<port> port to connect')
|
||||||
@ -580,7 +580,7 @@ class AuditConf:
|
|||||||
aconf.target_file = a
|
aconf.target_file = a
|
||||||
elif o in ('-L', '--list-policies'):
|
elif o in ('-L', '--list-policies'):
|
||||||
aconf.list_policies = True
|
aconf.list_policies = True
|
||||||
elif o in ('--lookup'):
|
elif o == '--lookup':
|
||||||
aconf.lookup = a
|
aconf.lookup = a
|
||||||
|
|
||||||
if len(args) == 0 and aconf.client_audit is False and aconf.target_file is None and aconf.list_policies is False and aconf.lookup == '':
|
if len(args) == 0 and aconf.client_audit is False and aconf.target_file is None and aconf.list_policies is False and aconf.lookup == '':
|
||||||
@ -3722,6 +3722,8 @@ def audit(aconf: AuditConf, sshv: Optional[int] = None, print_target: bool = Fal
|
|||||||
|
|
||||||
|
|
||||||
def algorithm_lookup(alg_names: str) -> int:
|
def algorithm_lookup(alg_names: str) -> int:
|
||||||
|
'''Looks up a comma-separated list of algorithms and outputs their security properties. Returns a PROGRAM_RETVAL_* flag.'''
|
||||||
|
retval = PROGRAM_RETVAL_GOOD
|
||||||
alg_types = {
|
alg_types = {
|
||||||
'kex': 'key exchange algorithms',
|
'kex': 'key exchange algorithms',
|
||||||
'key': 'host-key algorithms',
|
'key': 'host-key algorithms',
|
||||||
@ -3751,7 +3753,7 @@ def algorithm_lookup(alg_names: str) -> int:
|
|||||||
for alg_type in alg_types:
|
for alg_type in alg_types:
|
||||||
if len(algorithms_dict[alg_type]) > 0:
|
if len(algorithms_dict[alg_type]) > 0:
|
||||||
title = str(alg_types.get(alg_type))
|
title = str(alg_types.get(alg_type))
|
||||||
retval = output_algorithms(title, adb, alg_type, algorithms_dict[alg_type], unknown_algorithms, False, PROGRAM_RETVAL_GOOD, padding)
|
retval = output_algorithms(title, adb, alg_type, list(algorithms_dict[alg_type]), unknown_algorithms, False, retval, padding)
|
||||||
|
|
||||||
algorithms_dict_flattened = [
|
algorithms_dict_flattened = [
|
||||||
alg_name
|
alg_name
|
||||||
|
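Review bot: In the second algorithm_lookup() hunk, `list(algorithms_dict[alg_type])` satisfies mypy, but if the value is a set (its construction is outside the hunk, so this is inferred from the need for the conversion) the names reach output_algorithms() in arbitrary order and the same `--lookup` can print differently from run to run. `sorted(algorithms_dict[alg_type])` also yields a list and keeps the report stable for diffing and for tests. Separately, the new docstring says a PROGRAM_RETVAL_* flag is returned but not what an unknown algorithm name does to it; one sentence on that would help anyone scripting on the exit code. The function body starts and ends outside these hunks.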