ssh-audit

Commit Graph

Author	SHA1	Message	Date
Andris Raugulis	fabb4b5bb2	Add static typing and refactor code to pass all mypy checks. Move Python compatibility types to first lines of code. Add Python (text/byte) compatibility helper functions. Check for SSH banner ASCII validity.	2016-10-19 20:47:13 +03:00
Andris Raugulis	8ca6ec591d	Handle the case when received data is in wrong encoding (not utf-8).	2016-10-18 09:45:03 +03:00
Andris Raugulis	6b76e68d0d	Fix wrongly introduced Python 3 incompatibility. Fixes #14 and #15 . Add static type checks via mypy (optional static type checker), Add relevant tests, which could trigger the issue.	2016-10-17 20:31:13 +03:00
Andris Raugulis	c9d58bb827	Switch to new development version.	2016-10-14 09:14:07 +03:00
Andris Raugulis	e60d4ff809	Add kex/pkm payload generation.	2016-10-13 17:53:39 +03:00
Andris Raugulis	93b908f890	Fix error output.	2016-10-13 17:53:01 +03:00
Andris Raugulis	f1e8231b67	Make usage's output independent.	2016-10-10 12:42:01 +03:00
Andris Raugulis	84ac5a30ab	Decouple AuditConf from Output.	2016-10-07 19:55:31 +03:00
Andris Raugulis	705bedd608	Do not output empty algorithm.	2016-10-06 16:22:09 +03:00
Andris Raugulis	4b456dd01e	Return level name, not level itself (make consistent with setter).	2016-10-06 15:18:39 +03:00
Andris Raugulis	301a27ae27	Wrap utils in single class.	2016-10-06 14:36:30 +03:00
Andris Raugulis	76f49d4016	Output unicode not bytes in Python3.	2016-10-06 03:42:43 +03:00
Andris Raugulis	ec0b4704e9	Move Kex to SSH2.	2016-10-06 02:59:15 +03:00
Andris Raugulis	a193059bc9	Lazy CRC32 initialization.	2016-10-05 14:56:36 +03:00
Andris Raugulis	7959c7448a	Fix and update write buffer. Add buffer tests.	2016-10-05 06:06:26 +03:00
Andris Raugulis	262c65b7be	Fix version comparison and update tests.	2016-10-05 04:09:50 +03:00
Andris Raugulis	407ddbd7ea	Cosmetic whitespace fix.	2016-10-05 03:31:03 +03:00
Andris Raugulis	aee949a717	Fix software representation. Add software tests.	2016-10-05 03:27:43 +03:00
Andris Raugulis	489a24c564	Fix banner protocol (1.99) recognition and clean banner comments. Add banner tests.	2016-10-05 03:25:54 +03:00
Andris Raugulis	5269b63e64	Weigh faults to recommend lesser evil. Colorize recommendations.	2016-10-04 11:14:03 +03:00
Andris Raugulis	5de7b913fd	Recognize libssh (software, history, compatibility, security, etc). Closes #8 .	2016-10-04 10:27:27 +03:00
Andris Raugulis	0c98bc1397	If software is not recognized, output recommendations based on compatibility.	2016-10-03 00:29:28 +03:00
Andris Raugulis	f25e6caa2a	Implement algorithm recommendations sections.	2016-09-28 17:03:38 +03:00
Andris Raugulis	29a0bb86fa	Refactor algorithm pair/set reuse.	2016-09-28 17:01:37 +03:00
Andris Raugulis	1fda7b2a3e	Support simple software output (without patch).	2016-09-28 16:58:58 +03:00
Andris Raugulis	7d5f74810b	Back to development version.	2016-09-20 12:36:14 +03:00
Andris Raugulis	e9b9a457dd	Release 1.5.0.	2016-09-20 12:26:14 +03:00
Andris Raugulis	4dcf1c91cd	Bump version.	2016-09-17 20:37:48 +03:00
Andris Raugulis	3421c8e294	Output fingerprint (defaults to SHA256 format).	2016-09-17 20:37:03 +03:00
Andris Raugulis	684ea315ec	Shorten variables.	2016-09-17 20:24:53 +03:00
Andris Raugulis	a70b93862a	Output SSH1 host-key algorithm.	2016-09-17 20:21:18 +03:00
Andris Raugulis	b16ef4d040	Add fingerprint support.	2016-09-17 20:15:47 +03:00
Andris Raugulis	5bc31ea70c	Implement SSH1 support (cipher, auth, compatibility, texts, etc) #6 .	2016-09-17 20:15:21 +03:00
Andris Raugulis	fce491767c	Signed mpint.	2016-09-17 19:23:24 +03:00
Andris Raugulis	ddc5ea22f5	Refactor algorithm functions.	2016-09-17 05:38:11 +03:00
Andris Raugulis	adba0ea08a	Refactor timeframe and compatibility functions.	2016-09-17 00:58:06 +03:00
Andris Raugulis	11ee9ecd05	Fix output compatibility for ssh client.	2016-09-17 00:35:33 +03:00
Andris Raugulis	a861fe0c8a	Since text could be empty or client-only.	2016-09-17 00:30:04 +03:00
Andris Raugulis	f6a6fb98bc	Recognize Allegro Software RomSShell.	2016-09-16 16:09:49 +03:00
Andris Raugulis	cb19718568	Add SSH1 and SSH2 forcing options. By default, both are allowed.	2016-09-16 14:55:27 +03:00
Andris Raugulis	9030e71892	Initial SSH1 support (packet reading, SMSG_PUBLIC_KEY, CRC32, etc) #6 .	2016-09-15 18:00:09 +03:00
Andris Raugulis	d6980242ba	Pyython 2.6 compatible bit length.	2016-09-15 15:55:27 +03:00
Andris Raugulis	285d7280eb	Implement mpint1 read/write. Optimize mpint writing. Test mpint1.	2016-09-15 06:09:08 +03:00
Andris Raugulis	089d7d597c	Implement mpint2 read/write and tests. Refactor (Read\|Write)Buf.	2016-09-14 16:33:38 +03:00
Andris Raugulis	bfa9e6f936	Do not hang when remote host closes connection fast. Fix security output.	2016-09-13 13:17:41 +03:00
Andris Raugulis	e3559a76b8	Differentiate between server and client security issues. Ignore client-side.	2016-09-13 13:01:38 +03:00
Andris Raugulis	4479db966a	Implement OpenSSH version comparison.	2016-09-13 12:38:05 +03:00
Andris Raugulis	3aaad8b734	Implement specific Dropbear SSH version comparison (e.g., 0.44 vs 0.44test3).	2016-09-12 19:21:57 +03:00
Andris Raugulis	e8fd70a541	Fix Software __repr__.	2016-09-09 17:43:25 +03:00
Andris Raugulis	b11018bd7d	Add other security information. Add remote root exploit for Dropbear SSH.	2016-09-08 20:04:48 +03:00
Andris Raugulis	864b5dae85	Bump version.	2016-09-08 19:01:17 +03:00
Andris Raugulis	bdee87c7d3	Do not use padding, when outputting in batch mode.	2016-09-08 19:00:35 +03:00
Andris Raugulis	2747907784	Consistent output for compression.	2016-09-08 18:52:38 +03:00
Andris Raugulis	243e4db74f	Create security section. Add CVE for Dropbear SSH.	2016-09-08 18:50:19 +03:00
Andris Raugulis	13d945d8df	Fix: Do not hang, while reading banner.	2016-09-08 15:01:57 +03:00
Andris Raugulis	dbcc0f2c4f	Do not repeat strings, use constants. Also, encapsulate MSG constants.	2016-09-08 14:55:58 +03:00
Andris Raugulis	3f6a8eb7ba	Specify order for compatibility output.	2016-09-08 14:10:39 +03:00
Andris Raugulis	b8effe1462	Better output for OpenSSH patch-level.	2016-09-08 14:06:36 +03:00
Andris Raugulis	6d402819cb	Recognize some Windows SSHd servers.	2016-09-07 19:40:30 +03:00
Andris Raugulis	ac64f87327	Extract software (Dropbear, OpenSSH, HP iLO, Cisco) and OS (NetBSD, FreeBSD) from banner.	2016-09-07 19:26:33 +03:00
Andris Raugulis	d07d5078cb	Do not capture unnecessary regex groups.	2016-09-07 19:22:47 +03:00
Andris Raugulis	c68211b8e7	Wait for server banner, before sending client banner (fixes Cisco sshd).	2016-09-07 14:32:40 +03:00
Andris Raugulis	280a37ba20	Protocol is numbers.	2016-09-07 13:00:53 +03:00
Andris Raugulis	2ae93b1934	Reduce multiple protocol prefixed banner.	2016-09-07 12:58:03 +03:00
Andris Raugulis	673b88b2b1	Select the least protocol if banner has double protocol.	2016-09-07 12:22:51 +03:00
Andris Raugulis	19ee986e3d	Extract banner and recognize other SSH1 banners (e.g, 1.3-1.5).	2016-09-06 18:55:17 +03:00
Andris Raugulis	f7cd4fd954	Better packet parsing error output (e.g., protocol mismatch).	2016-09-06 15:25:29 +03:00
Andris Raugulis	72b0c2e216	Document new arguments.	2016-09-02 18:08:15 +03:00
Andris Raugulis	0a5d66fcde	Refactor KexDB.	2016-09-02 17:56:47 +03:00
Andris Raugulis	fba6397721	Multiple style fixes (protector, veryhigh).	2016-09-02 17:22:00 +03:00
Andris Raugulis	c759e53779	Batch implies Verbose.	2016-09-02 16:32:32 +03:00
Andris Raugulis	34ae7d9bec	Fix typos.	2016-09-02 16:31:16 +03:00
Andris Raugulis	5189c341f3	Implement new features: minimum output level and batch output.	2016-09-02 16:25:57 +03:00
Andris Raugulis	ef8d727356	Fix compatibility with Python 2.6. Fixes #3 .	2016-08-30 15:09:59 +03:00
Andris Raugulis	eb7cb4a36a	Release v1.0.20160812.	2016-08-12 16:29:51 +03:00
Andris Raugulis	d4d8c6a659	Parse pre-banner header. Handle sock read/write errors.	2016-08-12 16:20:32 +03:00
Andris Raugulis	07ca434061	Fix Dropbear SSH version typo.	2016-08-12 04:40:13 +03:00
Andris Raugulis	744aec76fb	Finish implementing compatibility feature. Fix wrong algorithm warning. Stop on empty packet.	2016-08-12 04:28:46 +03:00
Andris Raugulis	6df21a9891	Implement compatibility checker (based on returned algorithms).	2016-08-11 19:40:10 +03:00
Andris Raugulis	4ba3485664	More output refactor.	2016-08-11 18:47:27 +03:00
Andris Raugulis	96da1af9ef	Refactor result output.	2016-08-11 18:45:14 +03:00
Andris Raugulis	2c84824378	Update version number.	2016-08-03 17:35:35 +03:00
Andris Raugulis	f82c9825d9	Add new key-exchange algorithms. Use OpenSSH 7.3 banner.	2016-08-03 17:32:46 +03:00
Andris Raugulis	5af8859d6b	Add initial code for Diffie-Hellman key exchange.	2016-04-01 18:37:20 +03:00
Andris Raugulis	926b78889e	Add write buffer, implement ssh packet sending. Use shared block size.	2016-04-01 18:30:54 +03:00
Andris Raugulis	b8201f2550	Add re-entrant banner retrieval method.	2016-04-01 18:19:18 +03:00
Andris Raugulis	06992d7da6	Refactor ssh connection within class for future improvements.	2016-04-01 17:56:06 +03:00
Andris Raugulis	d834074378	Use OpenSSH 7.2 banner. Add OpenSSH 7.2 warning messages. Fix OpenSSH 7.0 failure messages. Add forgotten failure on rijndael-cbc. Bump version.	2016-03-07 12:58:13 +02:00
Andris Raugulis	6f70e328b2	Add warnings for encryption and MAC. Add none cipher and MAC.	2016-01-05 18:02:05 +02:00
Andris Raugulis	ca9baf80b8	Fail on unsafe elliptic curves.	2016-01-05 17:01:04 +02:00
Andris Raugulis	e8fd13e2d8	Add warnings for Kex and Ciphers.	2016-01-05 16:58:42 +02:00
Andris Raugulis	9d4625d9a0	Version bump.	2016-01-05 14:12:03 +02:00
Andris Raugulis	122588cb00	Better compression handling.	2016-01-05 14:10:48 +02:00
Andris Raugulis	c485ffb01e	Ensure reading enough data.	2016-01-05 14:10:02 +02:00
Andris Raugulis	716b6acaaa	Version bump.	2015-12-30 13:09:42 +02:00
Andris Raugulis	92e6aabcc8	Add Dropbear SSH historical information.	2015-12-30 13:07:50 +02:00
Andris Raugulis	f15f7dac23	Add support for dropbear sshd: - send client banner first - use data read in first chunk (buffer data)	2015-12-29 17:28:08 +02:00
Andris Raugulis	8ac2750cca	Remove unused variable.	2015-12-23 06:02:20 +02:00
Andris Raugulis	3fccc44bc7	Import source.	2015-12-23 05:01:24 +02:00

1 2 3 4 5

249 Commits