Joe Testa
92db5f0138
Updated docker tests and README due to merge of PR #281 .
2024-07-05 10:53:00 -04:00
Joe Testa
8190fe59d0
Added implementation for DHEat denial-of-service attack (CVE-2002-20001). ( #211 , #217 )
2024-04-18 13:58:13 -04:00
Joe Testa
d7f8bf3e6d
Updated notes on OpenSSH default key exchanges. ( #258 )
2024-03-19 18:24:22 -04:00
Joe Testa
3d403b1d70
Updated availability of algorithms in Dropbear. ( #257 )
2024-03-19 15:47:09 -04:00
Joe Testa
9fae870260
Added allow_larger_keys flag to custom policies to control whether targets can have larger keys, and added Docker tests to complete work started in PR #242 .
2024-03-19 14:45:19 -04:00
Joe Testa
3c31934ac7
Added tests and other cleanups resulting from merging PR #252 .
2024-03-18 17:48:50 -04:00
Joe Testa
7b3402b207
Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0.
2024-03-15 17:24:21 -04:00
Joe Testa
75dbc03a77
Added 'additional_notes' field to JSON output.
2023-12-19 18:03:07 -05:00
Joe Testa
c259a83782
Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.
2023-12-19 14:03:28 -05:00
Joe Testa
f8e29674a3
Refined JSON notes output. Fixed Docker & Tox tests.
2023-09-05 16:36:54 -04:00
Joe Testa
38f9c21760
The color of all notes will be printed in green when the related algorithm is rated good.
2023-09-03 19:14:25 -04:00
Joe Testa
199e75f6cd
Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results.
2023-09-03 16:13:00 -04:00
Joe Testa
7f8d6b4d5b
Fixed built-in policy formatting and filled in missing host key size information.
2023-04-26 15:47:58 -04:00
Joe Testa
263267c5ad
Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) ( #120 ).
2023-04-25 09:17:32 -04:00
Joe Testa
4f31304b66
Alphabetized algorithm database.
2023-03-28 12:09:25 -04:00
Joe Testa
dc083de87e
Added recommendations and CVE information to JSON output ( #122 ).
2023-03-24 18:48:36 -04:00
Joe Testa
cc9e4fbc4a
Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures.
2023-03-23 21:36:02 -04:00
Joe Testa
413dea60ae
Fixed docker tests affected by previous commit.
2023-03-21 14:58:00 -04:00
Joe Testa
71feaa191e
Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168 ).
2023-03-21 11:44:45 -04:00
Joe Testa
c9dc9a9c10
Now issues a warning when 2048-bit moduli are encountered.
2023-02-06 16:27:30 -05:00
Joe Testa
c6b8dc97e1
Fixed tests.
2022-02-21 21:48:10 -05:00
tomatohater1337
1f0b3acff2
Complete "target" in the JSON output with the port ( #123 )
...
* Complete "target" in JSON output with the port
The JSON output was not showing the port of the target which was scanned. This could be problematic when scanning a host with more than one ssh service running.
* Docker tests completet with the port of the scan target in the JSON output
2021-10-13 23:44:55 -04:00
Joe Testa
07862489c4
Added MD5 fingerprint hashes to verbose output.
2021-05-20 18:03:24 -04:00
Joe Testa
1bbc3feb57
Added OpenSSH 8.5 built-in policy. Added sntrup761x25519-sha512@openssh.com kex.
2021-02-23 16:02:20 -05:00
Joe Testa
e0f0956edc
Added extra warnings for SSHv1. ( #6 )
2021-02-02 12:20:37 -05:00
Joe Testa
c49a0fb22f
Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.
2021-02-01 19:19:46 -05:00
Joe Testa
13d15baa2a
Added multi-threaded scanning support.
2021-02-01 13:10:06 -05:00
Joe Testa
0d9881966c
Added version check for OpenSSH user enumeration (CVE-2018-15473). ( #83 )
2020-11-05 20:24:09 -05:00
Joe Testa
175bd2cf66
Fixed recommendation output function from suppressing some algorithms inappropriately.
2020-10-20 21:34:34 -04:00
Joe Testa
ec48249deb
Now reports policy errors in an easier to read format. ( #63 )
2020-10-20 16:25:39 -04:00
Joe Testa
046c866da4
Moved built-in policies from external files to internal database. ( #75 )
2020-10-19 17:27:37 -04:00
Joe Testa
632adc076a
Policy check output now prints port number, if applicable.
2020-09-27 11:48:15 -04:00
Joe Testa
936acfa37d
Added more structure to JSON result when policy errors are found.
2020-07-29 12:36:08 -04:00
Joe Testa
68a420ff00
Added policy support for optional host key types, like certificates and smart card-based types.
2020-07-15 14:32:14 -04:00
Joe Testa
b95969bbc0
Policy output now more clearly prints the policy version.
2020-07-14 17:38:15 -04:00
Joe Testa
d5ef967758
Upgraded 1024-bit modulus warning to failure.
2020-06-30 22:51:13 -04:00
Joe Testa
dd44e2f010
Added policy checks ( #10 ).
2020-06-30 15:53:50 -04:00
Joe Testa
c9a2f2955c
Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions.
2020-02-08 23:56:54 -05:00
Joe Testa
0263769243
Added JSON output tests to docker testing suite.
2019-11-08 18:40:32 -05:00
Joe Testa
e62b548677
Updated info on curve25519-sha256 kex.
2019-10-21 11:50:23 -04:00
Joe Testa
fd3a1f7d41
Added client audit functionality. ( #3 )
2019-09-27 18:14:36 -04:00
Joe Testa
7221413567
Added TinySSH test.
2019-08-27 22:28:24 -04:00
Joe Testa
120f898539
Added Dropbear test.
2019-08-26 14:45:31 -04:00
Joe Testa
4ebccb8068
Added OpenSSH v4.0 test.
2019-08-22 16:48:23 -04:00
Joe Testa
4f138d7f82
Added docker testing framework.
2019-08-22 16:04:46 -04:00