Git
/
ssh-audit
mirror of https://github.com/jtesta/ssh-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
252 Commits 1 Branch 15 Tags 5.2 MiB
Commit Graph

168 Commits

Author SHA1 Message Date
Andris Raugulis 9a409e835e Refactor outer functions within classes. 
Use mypy strict optional checks and fix them.
Use better comparison for compatiblity output.
Add initial socket tests.
 2016-11-03 19:10:49 +02:00
Andris Raugulis 6c4b9fcadf Banner should be in printable ASCII, not the whole ASCII space. 2016-11-02 18:25:13 +02:00
Andris Raugulis 5bb0ae0ceb Rework is/to ASCII and implement printable ASCII is/to functions. 
Add Utils tests.
 2016-11-02 18:23:55 +02:00
Andris Raugulis 44c1d4827c Specify error when couldn't get banner. Test for timeout and retry cases. 2016-11-02 13:00:24 +02:00
Andris Raugulis dd3ca9688e Back to development version. 2016-10-26 19:14:03 +03:00
Andris Raugulis e42064b9b9 Release 1.7.0. 2016-10-26 19:02:13 +03:00
Andris Raugulis 66b9e079a8 Implement new options (-4/--ipv4, -6/--ipv6, -p/--port <port>). 
By default both IPv4 and IPv6 is supported and order of precedence depends on OS.
By using -46, IPv4 is prefered, but by using -64, IPv6 is preferd.
For now the old way how to specify port (host:port) has been kept intact.
 2016-10-26 18:33:00 +03:00
Andris Raugulis 4684ff0113 Add linter fixes for tests. 2016-10-25 17:19:08 +03:00
Andris Raugulis aa4eabda66 Do not count coverage for missing import. 2016-10-25 14:04:54 +03:00
Andris Raugulis 4bbb1f4d11 Use safer UTF-8 decoding (with replace) and add related tests. 2016-10-25 13:53:51 +03:00
Andris Raugulis 182467e0e8 Fix typo, which slipped in while adding type system. 2016-10-25 11:52:55 +03:00
Andris Raugulis 385c230376 Add colors support for Microsoft Windows via optional colorama dependency. 2016-10-25 11:50:12 +03:00
Andris Raugulis 5b3b630623 Fix pylint reported issues and disable unnecessary ones. 2016-10-20 20:00:51 +03:00
Andris Raugulis cdfe06e75d Fix type after argument removal. 2016-10-20 17:19:37 +03:00
Andris Raugulis cbe7ad4ac3 Fix pylint reported no-self-use and disable checks in py2/3 compatibility code. 2016-10-20 17:06:23 +03:00
Andris Raugulis dfb8c302bf Fix pylint reported attribute-defined-outside-init. 2016-10-20 16:46:53 +03:00
Andris Raugulis 4120377c0b Remove unnecessary argument. 2016-10-20 16:41:44 +03:00
Andris Raugulis 5be64a8ad2 Fix pylint reported dangerous-default-value. 2016-10-20 16:31:48 +03:00
Andris Raugulis 67087fb920 Fix pylint reported anomalous-backslash-in-string. 2016-10-20 16:27:11 +03:00
Andris Raugulis fabb4b5bb2 Add static typing and refactor code to pass all mypy checks. 
Move Python compatibility types to first lines of code.
Add Python (text/byte) compatibility helper functions.
Check for SSH banner ASCII validity.
 2016-10-19 20:47:13 +03:00
Andris Raugulis 8ca6ec591d Handle the case when received data is in wrong encoding (not utf-8). 2016-10-18 09:45:03 +03:00
Andris Raugulis 6b76e68d0d Fix wrongly introduced Python 3 incompatibility. Fixes #14 and #15. 
Add static type checks via mypy (optional static type checker),
Add relevant tests, which could trigger the issue.
 2016-10-17 20:31:13 +03:00
Andris Raugulis c9d58bb827 Switch to new development version. 2016-10-14 09:14:07 +03:00
Andris Raugulis e60d4ff809 Add kex/pkm payload generation. 2016-10-13 17:53:39 +03:00
Andris Raugulis 93b908f890 Fix error output. 2016-10-13 17:53:01 +03:00
Andris Raugulis f1e8231b67 Make usage's output independent. 2016-10-10 12:42:01 +03:00
Andris Raugulis 84ac5a30ab Decouple AuditConf from Output. 2016-10-07 19:55:31 +03:00
Andris Raugulis 705bedd608 Do not output empty algorithm. 2016-10-06 16:22:09 +03:00
Andris Raugulis 4b456dd01e Return level name, not level itself (make consistent with setter). 2016-10-06 15:18:39 +03:00
Andris Raugulis 301a27ae27 Wrap utils in single class. 2016-10-06 14:36:30 +03:00
Andris Raugulis 76f49d4016 Output unicode not bytes in Python3. 2016-10-06 03:42:43 +03:00
Andris Raugulis ec0b4704e9 Move Kex to SSH2. 2016-10-06 02:59:15 +03:00
Andris Raugulis a193059bc9 Lazy CRC32 initialization. 2016-10-05 14:56:36 +03:00
Andris Raugulis 7959c7448a Fix and update write buffer. Add buffer tests. 2016-10-05 06:06:26 +03:00
Andris Raugulis 262c65b7be Fix version comparison and update tests. 2016-10-05 04:09:50 +03:00
Andris Raugulis 407ddbd7ea Cosmetic whitespace fix. 2016-10-05 03:31:03 +03:00
Andris Raugulis aee949a717 Fix software representation. Add software tests. 2016-10-05 03:27:43 +03:00
Andris Raugulis 489a24c564 Fix banner protocol (1.99) recognition and clean banner comments. Add banner tests. 2016-10-05 03:25:54 +03:00
Andris Raugulis 5269b63e64 Weigh faults to recommend lesser evil. Colorize recommendations. 2016-10-04 11:14:03 +03:00
Andris Raugulis 5de7b913fd Recognize libssh (software, history, compatibility, security, etc). Closes #8. 2016-10-04 10:27:27 +03:00
Andris Raugulis 0c98bc1397 If software is not recognized, output recommendations based on compatibility. 2016-10-03 00:29:28 +03:00
Andris Raugulis f25e6caa2a Implement algorithm recommendations sections. 2016-09-28 17:03:38 +03:00
Andris Raugulis 29a0bb86fa Refactor algorithm pair/set reuse. 2016-09-28 17:01:37 +03:00
Andris Raugulis 1fda7b2a3e Support simple software output (without patch). 2016-09-28 16:58:58 +03:00
Andris Raugulis 7d5f74810b Back to development version. 2016-09-20 12:36:14 +03:00
Andris Raugulis e9b9a457dd Release 1.5.0. 2016-09-20 12:26:14 +03:00
Andris Raugulis 4dcf1c91cd Bump version. 2016-09-17 20:37:48 +03:00
Andris Raugulis 3421c8e294 Output fingerprint (defaults to SHA256 format). 2016-09-17 20:37:03 +03:00
Andris Raugulis 684ea315ec Shorten variables. 2016-09-17 20:24:53 +03:00
Andris Raugulis a70b93862a Output SSH1 host-key algorithm. 2016-09-17 20:21:18 +03:00
Andris Raugulis b16ef4d040 Add fingerprint support. 2016-09-17 20:15:47 +03:00
Andris Raugulis 5bc31ea70c Implement SSH1 support (cipher, auth, compatibility, texts, etc) #6. 2016-09-17 20:15:21 +03:00
Andris Raugulis fce491767c Signed mpint. 2016-09-17 19:23:24 +03:00
Andris Raugulis ddc5ea22f5 Refactor algorithm functions. 2016-09-17 05:38:11 +03:00
Andris Raugulis adba0ea08a Refactor timeframe and compatibility functions. 2016-09-17 00:58:06 +03:00
Andris Raugulis 11ee9ecd05 Fix output compatibility for ssh client. 2016-09-17 00:35:33 +03:00
Andris Raugulis a861fe0c8a Since text could be empty or client-only. 2016-09-17 00:30:04 +03:00
Andris Raugulis f6a6fb98bc Recognize Allegro Software RomSShell. 2016-09-16 16:09:49 +03:00
Andris Raugulis cb19718568 Add SSH1 and SSH2 forcing options. By default, both are allowed. 2016-09-16 14:55:27 +03:00
Andris Raugulis 9030e71892 Initial SSH1 support (packet reading, SMSG_PUBLIC_KEY, CRC32, etc) #6. 2016-09-15 18:00:09 +03:00
Andris Raugulis d6980242ba Pyython 2.6 compatible bit length. 2016-09-15 15:55:27 +03:00
Andris Raugulis 285d7280eb Implement mpint1 read/write. Optimize mpint writing. Test mpint1. 2016-09-15 06:09:08 +03:00
Andris Raugulis 089d7d597c Implement mpint2 read/write and tests. Refactor (Read|Write)Buf. 2016-09-14 16:33:38 +03:00
Andris Raugulis bfa9e6f936 Do not hang when remote host closes connection fast. Fix security output. 2016-09-13 13:17:41 +03:00
Andris Raugulis e3559a76b8 Differentiate between server and client security issues. Ignore client-side. 2016-09-13 13:01:38 +03:00
Andris Raugulis 4479db966a Implement OpenSSH version comparison. 2016-09-13 12:38:05 +03:00
Andris Raugulis 3aaad8b734 Implement specific Dropbear SSH version comparison (e.g., 0.44 vs 0.44test3). 2016-09-12 19:21:57 +03:00
Andris Raugulis e8fd70a541 Fix Software __repr__. 2016-09-09 17:43:25 +03:00
Andris Raugulis b11018bd7d Add other security information. Add remote root exploit for Dropbear SSH. 2016-09-08 20:04:48 +03:00
Andris Raugulis 864b5dae85 Bump version. 2016-09-08 19:01:17 +03:00
Andris Raugulis bdee87c7d3 Do not use padding, when outputting in batch mode. 2016-09-08 19:00:35 +03:00
Andris Raugulis 2747907784 Consistent output for compression. 2016-09-08 18:52:38 +03:00
Andris Raugulis 243e4db74f Create security section. Add CVE for Dropbear SSH. 2016-09-08 18:50:19 +03:00
Andris Raugulis 13d945d8df Fix: Do not hang, while reading banner. 2016-09-08 15:01:57 +03:00
Andris Raugulis dbcc0f2c4f Do not repeat strings, use constants. Also, encapsulate MSG constants. 2016-09-08 14:55:58 +03:00
Andris Raugulis 3f6a8eb7ba Specify order for compatibility output. 2016-09-08 14:10:39 +03:00
Andris Raugulis b8effe1462 Better output for OpenSSH patch-level. 2016-09-08 14:06:36 +03:00
Andris Raugulis 6d402819cb Recognize some Windows SSHd servers. 2016-09-07 19:40:30 +03:00
Andris Raugulis ac64f87327 Extract software (Dropbear, OpenSSH, HP iLO, Cisco) and OS (NetBSD, FreeBSD) from banner. 2016-09-07 19:26:33 +03:00
Andris Raugulis d07d5078cb Do not capture unnecessary regex groups. 2016-09-07 19:22:47 +03:00
Andris Raugulis c68211b8e7 Wait for server banner, before sending client banner (fixes Cisco sshd). 2016-09-07 14:32:40 +03:00
Andris Raugulis 280a37ba20 Protocol is numbers. 2016-09-07 13:00:53 +03:00
Andris Raugulis 2ae93b1934 Reduce multiple protocol prefixed banner. 2016-09-07 12:58:03 +03:00
Andris Raugulis 673b88b2b1 Select the least protocol if banner has double protocol. 2016-09-07 12:22:51 +03:00
Andris Raugulis 19ee986e3d Extract banner and recognize other SSH1 banners (e.g, 1.3-1.5). 2016-09-06 18:55:17 +03:00
Andris Raugulis f7cd4fd954 Better packet parsing error output (e.g., protocol mismatch). 2016-09-06 15:25:29 +03:00
Andris Raugulis 72b0c2e216 Document new arguments. 2016-09-02 18:08:15 +03:00
Andris Raugulis 0a5d66fcde Refactor KexDB. 2016-09-02 17:56:47 +03:00
Andris Raugulis fba6397721 Multiple style fixes (protector, veryhigh). 2016-09-02 17:22:00 +03:00
Andris Raugulis c759e53779 Batch implies Verbose. 2016-09-02 16:32:32 +03:00
Andris Raugulis 34ae7d9bec Fix typos. 2016-09-02 16:31:16 +03:00
Andris Raugulis 5189c341f3 Implement new features: minimum output level and batch output. 2016-09-02 16:25:57 +03:00
Andris Raugulis ef8d727356 Fix compatibility with Python 2.6. Fixes #3. 2016-08-30 15:09:59 +03:00
Andris Raugulis eb7cb4a36a Release v1.0.20160812. 2016-08-12 16:29:51 +03:00
Andris Raugulis d4d8c6a659 Parse pre-banner header. Handle sock read/write errors. 2016-08-12 16:20:32 +03:00
Andris Raugulis 07ca434061 Fix Dropbear SSH version typo. 2016-08-12 04:40:13 +03:00
Andris Raugulis 744aec76fb Finish implementing compatibility feature. 
Fix wrong algorithm warning.
Stop on empty packet.
 2016-08-12 04:28:46 +03:00
Andris Raugulis 6df21a9891 Implement compatibility checker (based on returned algorithms). 2016-08-11 19:40:10 +03:00
Andris Raugulis 4ba3485664 More output refactor. 2016-08-11 18:47:27 +03:00
Andris Raugulis 96da1af9ef Refactor result output. 2016-08-11 18:45:14 +03:00