Commit Graph

253 Commits

Author SHA1 Message Date
Andris Raugulis dfb8c302bf Fix pylint reported attribute-defined-outside-init. 2016-10-20 16:46:53 +03:00
Andris Raugulis 4120377c0b Remove unnecessary argument. 2016-10-20 16:41:44 +03:00
Andris Raugulis 5be64a8ad2 Fix pylint reported dangerous-default-value. 2016-10-20 16:31:48 +03:00
Andris Raugulis 67087fb920 Fix pylint reported anomalous-backslash-in-string. 2016-10-20 16:27:11 +03:00
Andris Raugulis fabb4b5bb2 Add static typing and refactor code to pass all mypy checks.
Move Python compatibility types to first lines of code.
Add Python (text/byte) compatibility helper functions.
Check for SSH banner ASCII validity.
2016-10-19 20:47:13 +03:00
Andris Raugulis 8ca6ec591d Handle the case when received data is in wrong encoding (not utf-8). 2016-10-18 09:45:03 +03:00
Andris Raugulis 6b76e68d0d Fix wrongly introduced Python 3 incompatibility. Fixes #14 and #15.
Add static type checks via mypy (optional static type checker),
Add relevant tests, which could trigger the issue.
2016-10-17 20:31:13 +03:00
Andris Raugulis c9d58bb827 Switch to new development version. 2016-10-14 09:14:07 +03:00
Andris Raugulis e60d4ff809 Add kex/pkm payload generation. 2016-10-13 17:53:39 +03:00
Andris Raugulis 93b908f890 Fix error output. 2016-10-13 17:53:01 +03:00
Andris Raugulis f1e8231b67 Make usage's output independent. 2016-10-10 12:42:01 +03:00
Andris Raugulis 84ac5a30ab Decouple AuditConf from Output. 2016-10-07 19:55:31 +03:00
Andris Raugulis 705bedd608 Do not output empty algorithm. 2016-10-06 16:22:09 +03:00
Andris Raugulis 4b456dd01e Return level name, not level itself (make consistent with setter). 2016-10-06 15:18:39 +03:00
Andris Raugulis 301a27ae27 Wrap utils in single class. 2016-10-06 14:36:30 +03:00
Andris Raugulis 76f49d4016 Output unicode not bytes in Python3. 2016-10-06 03:42:43 +03:00
Andris Raugulis ec0b4704e9 Move Kex to SSH2. 2016-10-06 02:59:15 +03:00
Andris Raugulis a193059bc9 Lazy CRC32 initialization. 2016-10-05 14:56:36 +03:00
Andris Raugulis 7959c7448a Fix and update write buffer. Add buffer tests. 2016-10-05 06:06:26 +03:00
Andris Raugulis 262c65b7be Fix version comparison and update tests. 2016-10-05 04:09:50 +03:00
Andris Raugulis 407ddbd7ea Cosmetic whitespace fix. 2016-10-05 03:31:03 +03:00
Andris Raugulis aee949a717 Fix software representation. Add software tests. 2016-10-05 03:27:43 +03:00
Andris Raugulis 489a24c564 Fix banner protocol (1.99) recognition and clean banner comments. Add banner tests. 2016-10-05 03:25:54 +03:00
Andris Raugulis 5269b63e64 Weigh faults to recommend lesser evil. Colorize recommendations. 2016-10-04 11:14:03 +03:00
Andris Raugulis 5de7b913fd Recognize libssh (software, history, compatibility, security, etc). Closes #8. 2016-10-04 10:27:27 +03:00
Andris Raugulis 0c98bc1397 If software is not recognized, output recommendations based on compatibility. 2016-10-03 00:29:28 +03:00
Andris Raugulis f25e6caa2a Implement algorithm recommendations sections. 2016-09-28 17:03:38 +03:00
Andris Raugulis 29a0bb86fa Refactor algorithm pair/set reuse. 2016-09-28 17:01:37 +03:00
Andris Raugulis 1fda7b2a3e Support simple software output (without patch). 2016-09-28 16:58:58 +03:00
Andris Raugulis 7d5f74810b Back to development version. 2016-09-20 12:36:14 +03:00
Andris Raugulis e9b9a457dd Release 1.5.0. 2016-09-20 12:26:14 +03:00
Andris Raugulis 4dcf1c91cd Bump version. 2016-09-17 20:37:48 +03:00
Andris Raugulis 3421c8e294 Output fingerprint (defaults to SHA256 format). 2016-09-17 20:37:03 +03:00
Andris Raugulis 684ea315ec Shorten variables. 2016-09-17 20:24:53 +03:00
Andris Raugulis a70b93862a Output SSH1 host-key algorithm. 2016-09-17 20:21:18 +03:00
Andris Raugulis b16ef4d040 Add fingerprint support. 2016-09-17 20:15:47 +03:00
Andris Raugulis 5bc31ea70c Implement SSH1 support (cipher, auth, compatibility, texts, etc) #6. 2016-09-17 20:15:21 +03:00
Andris Raugulis fce491767c Signed mpint. 2016-09-17 19:23:24 +03:00
Andris Raugulis ddc5ea22f5 Refactor algorithm functions. 2016-09-17 05:38:11 +03:00
Andris Raugulis adba0ea08a Refactor timeframe and compatibility functions. 2016-09-17 00:58:06 +03:00
Andris Raugulis 11ee9ecd05 Fix output compatibility for ssh client. 2016-09-17 00:35:33 +03:00
Andris Raugulis a861fe0c8a Since text could be empty or client-only. 2016-09-17 00:30:04 +03:00
Andris Raugulis f6a6fb98bc Recognize Allegro Software RomSShell. 2016-09-16 16:09:49 +03:00
Andris Raugulis cb19718568 Add SSH1 and SSH2 forcing options. By default, both are allowed. 2016-09-16 14:55:27 +03:00
Andris Raugulis 9030e71892 Initial SSH1 support (packet reading, SMSG_PUBLIC_KEY, CRC32, etc) #6. 2016-09-15 18:00:09 +03:00
Andris Raugulis d6980242ba Pyython 2.6 compatible bit length. 2016-09-15 15:55:27 +03:00
Andris Raugulis 285d7280eb Implement mpint1 read/write. Optimize mpint writing. Test mpint1. 2016-09-15 06:09:08 +03:00
Andris Raugulis 089d7d597c Implement mpint2 read/write and tests. Refactor (Read|Write)Buf. 2016-09-14 16:33:38 +03:00
Andris Raugulis bfa9e6f936 Do not hang when remote host closes connection fast. Fix security output. 2016-09-13 13:17:41 +03:00
Andris Raugulis e3559a76b8 Differentiate between server and client security issues. Ignore client-side. 2016-09-13 13:01:38 +03:00
Andris Raugulis 4479db966a Implement OpenSSH version comparison. 2016-09-13 12:38:05 +03:00
Andris Raugulis 3aaad8b734 Implement specific Dropbear SSH version comparison (e.g., 0.44 vs 0.44test3). 2016-09-12 19:21:57 +03:00
Andris Raugulis e8fd70a541 Fix Software __repr__. 2016-09-09 17:43:25 +03:00
Andris Raugulis b11018bd7d Add other security information. Add remote root exploit for Dropbear SSH. 2016-09-08 20:04:48 +03:00
Andris Raugulis 864b5dae85 Bump version. 2016-09-08 19:01:17 +03:00
Andris Raugulis bdee87c7d3 Do not use padding, when outputting in batch mode. 2016-09-08 19:00:35 +03:00
Andris Raugulis 2747907784 Consistent output for compression. 2016-09-08 18:52:38 +03:00
Andris Raugulis 243e4db74f Create security section. Add CVE for Dropbear SSH. 2016-09-08 18:50:19 +03:00
Andris Raugulis 13d945d8df Fix: Do not hang, while reading banner. 2016-09-08 15:01:57 +03:00
Andris Raugulis dbcc0f2c4f Do not repeat strings, use constants. Also, encapsulate MSG constants. 2016-09-08 14:55:58 +03:00
Andris Raugulis 3f6a8eb7ba Specify order for compatibility output. 2016-09-08 14:10:39 +03:00
Andris Raugulis b8effe1462 Better output for OpenSSH patch-level. 2016-09-08 14:06:36 +03:00
Andris Raugulis 6d402819cb Recognize some Windows SSHd servers. 2016-09-07 19:40:30 +03:00
Andris Raugulis ac64f87327 Extract software (Dropbear, OpenSSH, HP iLO, Cisco) and OS (NetBSD, FreeBSD) from banner. 2016-09-07 19:26:33 +03:00
Andris Raugulis d07d5078cb Do not capture unnecessary regex groups. 2016-09-07 19:22:47 +03:00
Andris Raugulis c68211b8e7 Wait for server banner, before sending client banner (fixes Cisco sshd). 2016-09-07 14:32:40 +03:00
Andris Raugulis 280a37ba20 Protocol is numbers. 2016-09-07 13:00:53 +03:00
Andris Raugulis 2ae93b1934 Reduce multiple protocol prefixed banner. 2016-09-07 12:58:03 +03:00
Andris Raugulis 673b88b2b1 Select the least protocol if banner has double protocol. 2016-09-07 12:22:51 +03:00
Andris Raugulis 19ee986e3d Extract banner and recognize other SSH1 banners (e.g, 1.3-1.5). 2016-09-06 18:55:17 +03:00
Andris Raugulis f7cd4fd954 Better packet parsing error output (e.g., protocol mismatch). 2016-09-06 15:25:29 +03:00
Andris Raugulis 72b0c2e216 Document new arguments. 2016-09-02 18:08:15 +03:00
Andris Raugulis 0a5d66fcde Refactor KexDB. 2016-09-02 17:56:47 +03:00
Andris Raugulis fba6397721 Multiple style fixes (protector, veryhigh). 2016-09-02 17:22:00 +03:00
Andris Raugulis c759e53779 Batch implies Verbose. 2016-09-02 16:32:32 +03:00
Andris Raugulis 34ae7d9bec Fix typos. 2016-09-02 16:31:16 +03:00
Andris Raugulis 5189c341f3 Implement new features: minimum output level and batch output. 2016-09-02 16:25:57 +03:00
Andris Raugulis ef8d727356 Fix compatibility with Python 2.6. Fixes #3. 2016-08-30 15:09:59 +03:00
Andris Raugulis eb7cb4a36a Release v1.0.20160812. 2016-08-12 16:29:51 +03:00
Andris Raugulis d4d8c6a659 Parse pre-banner header. Handle sock read/write errors. 2016-08-12 16:20:32 +03:00
Andris Raugulis 07ca434061 Fix Dropbear SSH version typo. 2016-08-12 04:40:13 +03:00
Andris Raugulis 744aec76fb Finish implementing compatibility feature.
Fix wrong algorithm warning.
Stop on empty packet.
2016-08-12 04:28:46 +03:00
Andris Raugulis 6df21a9891 Implement compatibility checker (based on returned algorithms). 2016-08-11 19:40:10 +03:00
Andris Raugulis 4ba3485664 More output refactor. 2016-08-11 18:47:27 +03:00
Andris Raugulis 96da1af9ef Refactor result output. 2016-08-11 18:45:14 +03:00
Andris Raugulis 2c84824378 Update version number. 2016-08-03 17:35:35 +03:00
Andris Raugulis f82c9825d9 Add new key-exchange algorithms.
Use OpenSSH 7.3 banner.
2016-08-03 17:32:46 +03:00
Andris Raugulis 5af8859d6b Add initial code for Diffie-Hellman key exchange. 2016-04-01 18:37:20 +03:00
Andris Raugulis 926b78889e Add write buffer, implement ssh packet sending. Use shared block size. 2016-04-01 18:30:54 +03:00
Andris Raugulis b8201f2550 Add re-entrant banner retrieval method. 2016-04-01 18:19:18 +03:00
Andris Raugulis 06992d7da6 Refactor ssh connection within class for future improvements. 2016-04-01 17:56:06 +03:00
Andris Raugulis d834074378 Use OpenSSH 7.2 banner.
Add OpenSSH 7.2 warning messages.
Fix OpenSSH 7.0 failure messages.
Add forgotten failure on rijndael-cbc.
Bump version.
2016-03-07 12:58:13 +02:00
Andris Raugulis 6f70e328b2 Add warnings for encryption and MAC.
Add none cipher and MAC.
2016-01-05 18:02:05 +02:00
Andris Raugulis ca9baf80b8 Fail on unsafe elliptic curves. 2016-01-05 17:01:04 +02:00
Andris Raugulis e8fd13e2d8 Add warnings for Kex and Ciphers. 2016-01-05 16:58:42 +02:00
Andris Raugulis 9d4625d9a0 Version bump. 2016-01-05 14:12:03 +02:00
Andris Raugulis 122588cb00 Better compression handling. 2016-01-05 14:10:48 +02:00
Andris Raugulis c485ffb01e Ensure reading enough data. 2016-01-05 14:10:02 +02:00
Andris Raugulis 716b6acaaa Version bump. 2015-12-30 13:09:42 +02:00
Andris Raugulis 92e6aabcc8 Add Dropbear SSH historical information. 2015-12-30 13:07:50 +02:00
Andris Raugulis f15f7dac23 Add support for dropbear sshd:
- send client banner first
- use data read in first chunk (buffer data)
2015-12-29 17:28:08 +02:00
Andris Raugulis 8ac2750cca Remove unused variable. 2015-12-23 06:02:20 +02:00
Andris Raugulis 3fccc44bc7 Import source. 2015-12-23 05:01:24 +02:00