Joe Testa
28a1e23986
Added warnings to all key exchanges that do not provide protection against quantum attacks.
2024-11-25 15:56:51 -05:00
Joe Testa
a01baadfa8
Additional cleanups after merging #304 .
2024-11-22 12:28:02 -05:00
oam7575
45abc3aaf4
Argparse v3 - RC1 ( #304 )
...
* Argparse v3 - RC1
* Argparse v3 - RC1
Argparse v3 RC1 - post feedback
Argparse v3 - RC2
2024-11-22 12:26:20 -05:00
Joe Testa
99c64787d9
Updated description of -m option.
2024-10-16 16:39:11 -04:00
Joe Testa
3fa62c3ac5
Fixed man page parsing error. ( #301 )
2024-10-16 16:23:20 -04:00
Joe Testa
d7fff591fa
Bumped version to v3.4.0-dev.
2024-10-15 18:30:08 -04:00
Joe Testa
84647ecb32
Updated packaging notes.
2024-10-15 18:29:25 -04:00
Joe Testa
772204ce8b
Bumped version to v3.3.0.
2024-10-15 13:28:38 -04:00
Joe Testa
c0133a8d5f
Listing built-in policies will now hide older versions, unless -v is used.
2024-10-11 15:43:09 -04:00
Joe Testa
3220043aaf
Added note regarding hardening instructions.
2024-10-10 16:10:52 -04:00
Joe Testa
40ed92bbe6
Run tests against stable version of Python 3.13.
2024-10-10 16:06:18 -04:00
Joe Testa
720150b471
Issue a warning if an out-dated policy is used.
2024-10-10 15:57:29 -04:00
Joe Testa
d0628f6eb4
Updated ext-info-c and ext-info-s key exchanges to include versions of OpenSSH they were first included in. ( #291 )
2024-10-07 17:41:39 -04:00
Joe Testa
1e060a94c0
Updated built-in server and client policies for Amazon Linux 2023.
2024-10-01 18:15:02 -04:00
Joe Testa
8563c2925b
Updated built-in client policy for Debian 12.
2024-10-01 17:48:49 -04:00
Joe Testa
556306be5e
Updated built-in client policy for Rocky Linux 9.
2024-10-01 17:39:42 -04:00
Joe Testa
7ab6d20454
Updated built-in client policy for Ubuntu 22.04.
2024-10-01 17:32:49 -04:00
Joe Testa
1f1a51d591
Updated Ubuntu 22.04 built-in policy.
2024-10-01 17:06:03 -04:00
Joe Testa
77a63de133
Updated Rocky Linux 9 built-in policy.
2024-10-01 16:21:23 -04:00
Joe Testa
cffa126277
Updated Debian 12 built-in policy. ( #283 )
2024-10-01 15:01:44 -04:00
Joe Testa
dc615cef7f
Fixed DH rate testing on Windows. ( #261 )
2024-09-28 18:39:55 -04:00
Joe Testa
cb6142c609
Ignore mypy errors on colorama import.
2024-09-28 17:43:32 -04:00
Joe Testa
629008e55e
Updated test commands.
2024-09-26 18:34:40 -04:00
Joe Testa
016a5d89f7
Updated Github Actions workflow to use Tox through pip instead of the platform version.
2024-09-26 18:31:21 -04:00
Joe Testa
93b30b4258
Removed version-based CVE information. ( #240 )
2024-09-26 13:15:58 -04:00
Joe Testa
3b8a75e407
Server kex/host key parsing failures no longer output a stack trace unless in debug mode.
2024-09-25 17:34:18 -04:00
Joe Testa
67e11f82b3
Updated --targets description.
2024-09-25 17:12:16 -04:00
Joe Testa
2cd96f1785
Ensure ECDSA and DSS fingerprints are only output in verbose mode. Clean up Docker tests from merge of #286 .
2024-09-25 17:05:17 -04:00
Daniel Lenski
a4b78b752e
Enable HostKeyTest to extract ECDSA and DSA keys ( #286 )
...
Their certificate-embedded counterparts are enabled as well.
As with RSA, it *is* possible for DSA keys to be of variable length (not
just 1024 bits), so I've added `{'variable_key_len': True}` to the relevant
`HOST_KEY_TYPES` entries, although this key-value pair is otherwise unused.
2024-09-25 16:57:03 -04:00
Joe Testa
ac540c8b5f
Created FUNDING.yml.
2024-09-25 16:20:45 -04:00
Joe Testa
e11492b7a3
Updated shields.
2024-09-25 16:07:01 -04:00
Joe Testa
02bc48c574
Bumped supported Python range.
2024-09-25 14:18:41 -04:00
Joe Testa
24d7d46c42
Updated PyPI downloads shield.
2024-09-25 10:05:35 -04:00
Joe Testa
e97bbd9782
Added Python 3.13 support.
2024-09-24 18:20:07 -04:00
Joe Testa
6d57c7c0f7
The -p/--port option will now set the default port for multi-host scans (specified with -T/--targets). ( #294 )
2024-09-24 16:42:53 -04:00
Joe Testa
ea3258151e
Fixed invalid JSON output when a socket error occurs while performing a client audit. ( #295 )
2024-09-24 15:48:14 -04:00
Joe Testa
f9032c8277
Added built-in policy for OpenSSH 9.9.
2024-09-24 15:05:05 -04:00
Joe Testa
d7398baad7
Added two new key exchanges: mlkem768x25519-sha256, sntrup761x25519-sha512.
2024-09-19 17:40:49 -04:00
Joe Testa
4621d52223
Updated unknown algorithm message.
2024-09-19 17:01:37 -04:00
Joe Testa
2a7cb13895
Added grasshopper-ctr128 cipher.
2024-09-18 17:59:45 -04:00
Joe Testa
06ebdbd0fe
Updated README.
2024-08-26 16:46:34 -04:00
Drew Noel
7752023dc2
Switch connect_ex
result checks to use errno
lookups ( #289 )
...
* Switch connect_ex result checks to errno lookups
* Return errno strings, clean up comment
2024-08-26 16:38:44 -04:00
Joe Testa
a6f02ae8e8
Added debugging output for key exchanges.
2024-08-26 16:25:32 -04:00
Joe Testa
9049c8476a
Updated README.
2024-07-06 21:01:19 -04:00
Daniel Lenski
bbbdf71e50
Recognize LANcom LCOS software and support ed448 key extraction ( #277 )
...
* Include raw hostkey bytes in debug output
* Recognize LANcom LCOS software and support extraction of ssh-ed448 key type
LANcom router devices appear to be primarily used in Germany (see [1]
for examples on the public Internet), and they appear to support the
`ssh-ed448` key type which is documented in [2], but which has never
been supported by any as-yet-released version of OpenSSH.
[1] https://www.shodan.io/search?query=ssh+%22ed448%22
[2] https://datatracker.ietf.org/doc/html/rfc8709#name-public-key-format
2024-07-06 20:56:24 -04:00
Joe Testa
92db5f0138
Updated docker tests and README due to merge of PR #281 .
2024-07-05 10:53:00 -04:00
dreizehnutters
bc2a89eb11
fix for https://github.com/jtesta/ssh-audit/issues/280 ( #281 )
...
* fix for https://github.com/jtesta/ssh-audit/issues/280
* changed json format to min. the damage for a change
2024-07-05 10:49:16 -04:00
Joe Testa
ea117b203b
Updated README.
2024-07-05 10:16:06 -04:00
Daniel Lenski
d8f8b7c57c
Make HostKeyTest class reusable ( #278 )
...
Because the `HostKeyTest` class was mutating its static/global
`HOST_KEY_TYPES` dict, this class could not actually be used more than once
in a single thread!
Rather than mutate this dict after parsing each key type
(`HOST_KEY_TYPES[host_key_type]['parsed'] = True`), the `perform_test`
method should simple add the parsed key types to a local `set()`.
2024-07-05 10:11:18 -04:00
Joe Testa
e42961fa9a
Added built-in policy for OpenSSH 9.8.
2024-07-02 21:31:36 -04:00