Commit Graph

382 Commits

Author SHA1 Message Date
Ganden Schaffner b15664929f
Improve PyPI packaging (#71)
* Move files for better setup.py packaging

* Update setup.py and configs for src layout

* Run tests on setup.py build

In effect, this tests that the setup.py configuration is correct.

coverage combine and coverage:paths are added to keep the displayed
coverage paths as src/ssh_audit/*.py instead of
.tox/$envname/**/site-packages/ssh_audit/*.py

* Remove unnecessary encoding declarations

Python 3 defaults to UTF-8 encoding.
https://docs.python.org/3/reference/lexical_analysis.html#encoding-declarations

* Remove shebang from colorama type stubs

Shouldn't need to be an executable.
Related: git has this file tracked as chmod -x.
2020-10-11 14:03:02 -04:00
Joe Testa 1b0446344c Deleted deepsource config. (#70) 2020-10-01 20:04:54 -04:00
Jürgen Gmach cd58a6180f
Remove unused variables (#68)
When you get multiple values from unpacking, and you do not need all of
them, there is the convention to assign `_` to the unused ones.

modified:   ssh-audit.py
2020-10-01 19:48:07 -04:00
Joe Testa ca4ebc56f9 Docker images are now pulled from Dockerhub by default. 2020-10-01 19:42:48 -04:00
Joe Testa 2a87860e84 Added 1 new cipher: des-cbc@ssh.com. Bumped version. 2020-09-29 15:03:41 -04:00
Joe Testa 6067da6793 Updated packaging notes and snap build process. 2020-09-29 10:24:36 -04:00
Joe Testa c8a1db33c8 Fixed pylint warnings regarding bad indendation. 2020-09-28 13:56:39 -04:00
Joe Testa 32684ddc84 Removed reference to deleted dev branch. 2020-09-28 13:51:18 -04:00
Joe Testa da4f114b9c Updated Windows build instructions. 2020-09-27 19:32:23 -04:00
Joe Testa dc0a959402 Use brighter colors on Windows for better readability. Disable unicode characters on Windows since the default terminal does not display them properly. 2020-09-27 19:29:29 -04:00
Joe Testa eb1588ddc7 Added release date for v2.3.0. Added link for policy tutorial. 2020-09-27 17:12:10 -04:00
Joe Testa b7d698d743 Added policy for hardened OpenSSH v8.4. 2020-09-27 17:04:43 -04:00
Joe Testa b0c00749a6 Improved formatting of usage examples. Added link to web front-end. 2020-09-27 13:24:37 -04:00
Joe Testa 6e3e8bac74 Added policy audit examples and additional usage examples. 2020-09-27 13:13:38 -04:00
Joe Testa 632adc076a Policy check output now prints port number, if applicable. 2020-09-27 11:48:15 -04:00
Joe Testa 13b065b316 Added CONTRIBUTING.md (#54). 2020-09-26 22:06:49 -04:00
Joe Testa a7581e07dc Added explicit statement regarding fork (#58). 2020-09-26 20:14:29 -04:00
Joe Testa 4cae6aff43 Added 6 new host key types: 'spi-sign-rsa', 'ssh-ed448', 'x509v3-ecdsa-sha2-nistp256', 'x509v3-ecdsa-sha2-nistp384', 'x509v3-ecdsa-sha2-nistp521', 'x509v3-rsa2048-sha256'. Added 5 new key exchanges: 'gss-group14-sha256-', 'gss-group15-sha512-', 'gss-group16-sha512-', 'gss-nistp256-sha256-', 'gss-curve25519-sha256-'. 2020-09-26 19:32:19 -04:00
Joe Testa 3e20f7c622 Fixed optional host key values. 2020-08-12 15:26:18 -04:00
Joe Testa 1123ac718c Send peer a list of supported algorithms after the banner exchange. Fixes not only the weird case of an ssh-audit client hanging against an ssh-audit server, but perhaps some real-world hangs as well. 2020-08-11 20:11:42 -04:00
Joe Testa 6d84cfdc31 Updated program return values for various connection error instances and unknown errors. 2020-08-11 19:45:59 -04:00
Joe Testa c7ad1828d8 Fixed return value processing and mypy warning in algorithm_lookup(). Updated help listing, man page, and README. 2020-08-11 19:28:53 -04:00
thecliguy 86cb453928
Algorithm lookup (#53)
* Adding ssh-audit.py to algorithm_lookup_branch

* Removed the use of an error handler from algorithm_lookup and implemented suggestions made by jugmac00 and jtesta
2020-08-11 19:02:35 -04:00
Joe Testa 0c00b37328 Added .deepsource.toml for DeepSource integration. 2020-07-30 12:08:18 -04:00
Joe Testa 936acfa37d Added more structure to JSON result when policy errors are found. 2020-07-29 12:36:08 -04:00
Joe Testa b5d7f73125 When an unexpected exit code is returned, print more debugging info. 2020-07-29 12:31:24 -04:00
Joe Testa 6a7bed06d7 Added two new key exchanges: 'kexAlgoCurve25519SHA256' and 'Curve25519SHA256'. 2020-07-28 21:17:29 -04:00
Joe Testa 41e69dd6f2 Alphabetized options in usage message and README. 2020-07-16 12:07:02 -04:00
Joe Testa 25faeb4c59 Added new man page. 2020-07-16 11:48:35 -04:00
Joe Testa 8051078524 When a list of targets is provided (-T), skip empty lines. 2020-07-16 10:19:36 -04:00
Joe Testa cf815a6652 Added hardened OpenSSH policies. 2020-07-15 14:35:18 -04:00
Joe Testa 2d4eb7da28 Renamed policies to include 'Hardened' in title. 2020-07-15 14:33:10 -04:00
Joe Testa 68a420ff00 Added policy support for optional host key types, like certificates and smart card-based types. 2020-07-15 14:32:14 -04:00
Joe Testa 17f5eb0b38 Added -L option to list built-in policies. 2020-07-14 19:38:10 -04:00
Joe Testa b95969bbc0 Policy output now more clearly prints the policy version. 2020-07-14 17:38:15 -04:00
Joe Testa 00ce44e728 Added Ubuntu client policies. 2020-07-14 17:18:35 -04:00
Joe Testa 8fb07edafd Added 'client policy' field in policy files to distinguish server from client policies. 2020-07-14 17:14:47 -04:00
Joe Testa b27d768c79 Print client IP in output when doing policy audits. 2020-07-14 14:01:08 -04:00
Joe Testa cb54c2bf33 Moved Windows build instructions to packages directory. 2020-07-14 11:03:35 -04:00
Joe Testa 85f14720cb Added 3 new host keys: ssh-gost2001, ssh-gost2012-256, and ssh-gost2012-512. 2020-07-14 10:43:18 -04:00
Jürgen Gmach 1410894f45
Update description for `targets` argument (#48)
`targets` takes a file containing a list of target hosts, one on each
line.

Added required format, ie HOST:PORT.

modified:   ssh-audit.py
2020-07-14 10:35:54 -04:00
Joe Testa 381ba1a660 Now supports a list of targets with -T (#11). 2020-07-13 18:39:05 -04:00
Joe Testa 8e3f3c6044 Updated PyPI notes. 2020-07-11 12:42:11 -04:00
Joe Testa f80e3f22ce Now returns -1 when an uncaught exception is found. 2020-07-07 16:31:44 -04:00
Joe Testa 49bd2c96a8 Added return values for standard scans. 2020-07-07 15:56:37 -04:00
Joe Testa 103b8fb934 Added official policies for hardened Ubuntu 16.04, 18.04, and 20.04. 2020-07-06 16:16:52 -04:00
Joe Testa 1faa24ad86 Do not accidentally overwrite policies when creating new policy with -M. 2020-07-06 16:15:26 -04:00
Joe Testa adc1007d7d Mark 'gss-group1-sha1-' kex as failure due to 1024-bit modulus. 2020-07-04 09:41:46 -04:00
Jürgen Gmach 8a406dd9d2
Simplify `mypy` config (#45)
Instead of specifying stricter checks one by one, just run `mypy` in
`strict` mode.

modified:   tox.ini
2020-07-04 09:39:43 -04:00
Joe Testa d717f86238 Added check for use-after-free vulnerability in PuTTY v0.73. 2020-07-03 15:07:34 -04:00