Commit Graph

106 Commits

Author SHA1 Message Date
Joe Testa
0a6ac5de54 Updated CVE vulnerability flag. 2022-02-21 21:51:35 -05:00
Alexandre ZANNI
1bdf7029b4
add a bunch of openssh CVEs (#126) 2022-02-21 21:41:44 -05:00
Joe Testa
5fbcb1b90f Added 24 new key exchanges: 'ecdh-sha2-1.3.132.0.1', 'ecdh-sha2-1.2.840.10045.3.1.1', 'ecdh-sha2-1.3.132.0.33', 'ecdh-sha2-1.3.132.0.26', 'ecdh-sha2-1.3.132.0.27', 'ecdh-sha2-1.2.840.10045.3.1.7', 'ecdh-sha2-1.3.132.0.16', 'ecdh-sha2-1.3.132.0.34', 'ecdh-sha2-1.3.132.0.36', 'ecdh-sha2-1.3.132.0.37', 'ecdh-sha2-1.3.132.0.35', 'ecdh-sha2-1.3.132.0.38', 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==', 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==', 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==', 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==', 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==', 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==', 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==', 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==', 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==', 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==', 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==', 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w=='. 2021-10-20 22:25:20 -04:00
Joe Testa
4ace52a190 Now prints a more user-friendly error message when installed as a Snap package and permission errors are encountered. Updated the Snap build process as well. 2021-10-14 23:56:03 -04:00
tomatohater1337
1f0b3acff2
Complete "target" in the JSON output with the port (#123)
* Complete "target" in JSON output with the port

The JSON output was not showing the port of the target which was scanned. This could be problematic when scanning a host with more than one ssh service running.

* Docker tests completet with the port of the scan target in the JSON output
2021-10-13 23:44:55 -04:00
Joe Testa
9f87acfc74 Bumped version to v2.6.0-dev. 2021-08-27 11:25:27 -04:00
a1346054
597b500eba
Minor cleanups (#116)
* docker_test.sh: fix shellcheck warnings

* docker_test.sh: unify style

No changes in functionality.

* docker_test.sh: whitespace fixes

* stop mixing tabs and spaces
* remove trailing whitespace

* invoke bash using /usr/bin/env

* build_windows_executable.sh: fix variable assignment

* update_windows_man_page.sh: unify style

No changes in functionality.

* whitespace fixes

* stop mixing tabs and spaces
* remove trailing whitespace

* fix spelling

* remove trailing whitespace
2021-08-27 11:19:18 -04:00
Joe Testa
4f2f995b62 Bumped version to v2.5.0. 2021-08-26 15:24:34 -04:00
Joe Testa
e7d320f602 Fixed new pylint warnings. 2021-08-25 13:28:30 -04:00
Joe Testa
682cb66f85 Added OpenSSH v8.6 & v8.7 policies. 2021-08-25 12:30:38 -04:00
Joe Testa
076681a671 Added 3 new key exchanges: gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==, gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==, gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== 2021-07-08 10:18:25 -04:00
Joe Testa
98a1fb0315 Added two new MACs: 'AEAD_AES_128_GCM', and 'AEAD_AES_256_GCM'. 2021-06-28 21:59:41 -04:00
Joe Testa
45da9f20ae Added 'rsa-sha2-512' and 'rsa-sha2-256' to OpenSSH 8.1 (and earlier) policies. 2021-05-31 15:49:56 -04:00
Joe Testa
aa21df29e7 Now handles exceptions during server KEX parsing more gracefully. 2021-05-24 19:50:25 -04:00
Joe Testa
32ed9242af Now prints JSON with indents when is used (useful for debugging). 2021-05-20 19:04:35 -04:00
Joe Testa
07862489c4 Added MD5 fingerprint hashes to verbose output. 2021-05-20 18:03:24 -04:00
Joe Testa
e508a963e7 Added 1 new MAC: hmac-ripemd160-96. 2021-05-20 14:17:37 -04:00
Joe Testa
8e9fe20fac SSH_Socket's constructor now takes an OutputBuffer for verbose & debugging output. 2021-03-02 11:25:37 -05:00
thecliguy
83bd049486
Debug Logging and visibility of SSH Connection errors (#99)
* Debug Logging and visibility of SSH Connection errors

* Updated date in man page
2021-03-02 11:06:40 -05:00
Joe Testa
c483fe1861 Fixed a crash while doing host key tests. 2021-02-26 16:01:30 -05:00
Joe Testa
f96c0501e9 Bumped version number. 2021-02-23 20:39:18 -05:00
Joe Testa
b300ad1252 Refactored IPv4/6 preference logic to fix pylint warnings. 2021-02-23 16:05:01 -05:00
Joe Testa
1bbc3feb57 Added OpenSSH 8.5 built-in policy. Added sntrup761x25519-sha512@openssh.com kex. 2021-02-23 16:02:20 -05:00
thecliguy
8a8c284d9a
Colour no longer disabled on older vers of Windows. If ssh-audit invoked with a manual parameter and the colorama library was not imported then colour output is disabled. (#95) 2021-02-18 14:52:08 -05:00
Joe Testa
1b7cfbec71 Disable color output on Windows 8 and Windows Server 2012. 2021-02-06 11:03:39 -05:00
Joe Testa
ef831d17e0 When -n/--no-colors is used, strip out color from Windows man page. 2021-02-05 21:45:56 -05:00
Joe Testa
36094611ce Fixed unicode errors when printing the man page on Windows. 2021-02-05 20:39:12 -05:00
Joe Testa
11e2e77585 Simplified Windows man page processing. Added Cygwin support to update_windows_man_page.sh. 2021-02-05 16:25:04 -05:00
thecliguy
090b5d760b
Man Page on Windows (#93)
* Man Page on Windows

* Corrected typo in update_windows_man_page.sh

* Check that the 'sed' (stream editor) binary exists
2021-02-05 15:43:50 -05:00
Joe Testa
e0f0956edc Added extra warnings for SSHv1. (#6) 2021-02-02 12:20:37 -05:00
Joe Testa
c49a0fb22f Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types. 2021-02-01 19:19:46 -05:00
thecliguy
dbe14a075e
Added future deprecation notice of ssh-rsa (#92) 2021-02-01 13:17:46 -05:00
Joe Testa
13d15baa2a Added multi-threaded scanning support. 2021-02-01 13:10:06 -05:00
Joe Testa
bbb81e24ab Streamlined sending of KEXINIT messages. 2021-01-21 11:23:40 -05:00
Joe Testa
60de5e55cb Transformed comment type annotations to variable declaration annotations. 2021-01-21 10:20:48 -05:00
Joe Testa
1ba4c7c7ca Send KEX before reading server's KEX during host key and GEX tests; this prevents deadlock against certain server implementations. 2021-01-20 15:27:38 -05:00
Joe Testa
338ffc5adb Fixed crash when receiving unexpected response during host key test. 2020-11-05 20:29:39 -05:00
Joe Testa
52d1e8f27b Fixed pylint warning. 2020-11-05 20:28:14 -05:00
Joe Testa
0d9881966c Added version check for OpenSSH user enumeration (CVE-2018-15473). (#83) 2020-11-05 20:24:09 -05:00
Joe Testa
5c8dc5105b Bumped version number. 2020-11-05 20:16:35 -05:00
Joe Testa
81ae0eb8f7 Bumped version. 2020-10-28 19:25:11 -04:00
thecliguy
a3e4f9dbaa
Added similar algorithm suggestions to --lookup (#80) 2020-10-28 11:56:12 -04:00
Joe Testa
0cb3127482 Fixed pylint warnings. 2020-10-21 19:36:43 -04:00
Joe Testa
f0db035044 Now prints a graceful error message when policy file is not found. 2020-10-20 23:26:21 -04:00
Joe Testa
1730126af8 Removed 'ssh-rsa-cert-v01@openssh.com' from built-in policies. 2020-10-20 23:19:56 -04:00
Joe Testa
175bd2cf66 Fixed recommendation output function from suppressing some algorithms inappropriately. 2020-10-20 21:34:34 -04:00
Joe Testa
619efc7349 Flag 'ssh-rsa-cert-v01@openssh.com' as unsafe due to SHA-1 hash. 2020-10-20 17:39:34 -04:00
Joe Testa
ec48249deb Now reports policy errors in an easier to read format. (#63) 2020-10-20 16:25:39 -04:00
Joe Testa
ec76dac2fc Suppressed pylint warning. 2020-10-20 16:21:56 -04:00
Joe Testa
240b705d61 OpenSSH-portable patch level 1 now considered equivalent to stock OpenBSD version. 2020-10-20 13:17:32 -04:00
Joe Testa
83d8014a50 Fixed OpenSSH patch version comparison. (#74) 2020-10-19 18:49:52 -04:00
Joe Testa
8fa3a12057 Parse public key sizes for 'rsa-sha2-256-cert-v01@openssh.com' and 'rsa-sha2-512-cert-v01@openssh.com' host key types. Include expected CA key sizes in built-in policies. 2020-10-19 17:42:12 -04:00
Joe Testa
046c866da4 Moved built-in policies from external files to internal database. (#75) 2020-10-19 17:27:37 -04:00
Joe Testa
1a5c0e7fad Split ssh_audit.py into separate files (#47). 2020-10-15 14:34:23 -04:00
Joe Testa
6497213900 Fixed docker tests. 2020-10-11 14:41:58 -04:00
Ganden Schaffner
b15664929f
Improve PyPI packaging (#71)
* Move files for better setup.py packaging

* Update setup.py and configs for src layout

* Run tests on setup.py build

In effect, this tests that the setup.py configuration is correct.

coverage combine and coverage:paths are added to keep the displayed
coverage paths as src/ssh_audit/*.py instead of
.tox/$envname/**/site-packages/ssh_audit/*.py

* Remove unnecessary encoding declarations

Python 3 defaults to UTF-8 encoding.
https://docs.python.org/3/reference/lexical_analysis.html#encoding-declarations

* Remove shebang from colorama type stubs

Shouldn't need to be an executable.
Related: git has this file tracked as chmod -x.
2020-10-11 14:03:02 -04:00