Commit Graph

  • 732a2156f6 Correction to the saving of comments against non-rsa keys #182 Adam Russell 2023-04-26 21:51:48 +0100
  • 8badbdce1e ensure all required fields added for non-rsa keys Adam Russell 2023-04-26 21:41:52 +0100
  • bdefc14b88 Revised list names because they operates against all keys now not just rsa. Adam Russell 2023-04-26 21:31:14 +0100
  • 5e8b74beb0 Save results on completion of testing a hostkey Adam Russell 2023-04-26 21:18:57 +0100
  • 1eab4ab0e6 Updated README. Joe Testa 2023-04-26 15:49:45 -0400
  • 7f8d6b4d5b Fixed built-in policy formatting and filled in missing host key size information. Joe Testa 2023-04-26 15:47:58 -0400
  • 0a6452ef4f RSA key size comments duplicated for all RSA sig algs Adam Russell 2023-04-26 18:15:17 +0100
  • 4c098b7d12 Windows build script now automatically installs/updates package dependencies. Joe Testa 2023-04-25 20:14:49 -0400
  • 0bfb5d6979 Updated snap base image. Now installing snapcraft tool from snap instead of apt. Joe Testa 2023-04-25 11:54:12 -0400
  • a5f5e0dab2 Updated changelog. Joe Testa 2023-04-25 10:25:06 -0400
  • 05f159a152 Fixed Windows-specific crash when multiple threads are used (#152). Joe Testa 2023-04-25 10:18:45 -0400
  • 263267c5ad Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120). Joe Testa 2023-04-25 09:17:32 -0400
  • 4f31304b66 Alphabetized algorithm database. Joe Testa 2023-03-28 12:09:25 -0400
  • 6f05a2c6b5 Updated README. Joe Testa 2023-03-25 14:15:53 -0400
  • 784d412148 Added Repology table. Joe Testa 2023-03-24 19:22:45 -0400
  • dc083de87e Added recommendations and CVE information to JSON output (#122). Joe Testa 2023-03-24 18:48:36 -0400
  • 7d5eb37a0f Updated colorama initialization. Joe Testa 2023-03-24 16:43:38 -0400
  • 5c1c447755 Updated testing descriptions. Joe Testa 2023-03-24 14:12:03 -0400
  • cbb7d43006 Updated base image. Removed all suid & sgid bits from image. Drop root privileges by default. Joe Testa 2023-03-23 23:43:52 -0400
  • cc9e4fbc4a Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures. Joe Testa 2023-03-23 21:36:02 -0400
  • 992aa1b961 Added support for kex GSS wildcards (#143). Joe Testa 2023-03-21 22:17:23 -0400
  • 413dea60ae Fixed docker tests affected by previous commit. Joe Testa 2023-03-21 14:58:00 -0400
  • e2a9896397
    Deprecation of ssh-rsa signature algorithm in OpenSSH 8.8 (#171) thecliguy 2023-03-21 18:52:23 +0000
  • e94f034917
    Deprecation of ssh-rsa signature algorithm in OpenSSH 8.8 #171 thecliguy 2023-03-21 18:43:58 +0000
  • 71feaa191e Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168). Joe Testa 2023-03-21 11:44:45 -0400
  • c02ab8f170 Added --accept option to automatically update failed tests. Joe Testa 2023-03-21 11:28:52 -0400
  • cdaee69642 Improved debugging output. Joe Testa 2023-03-21 10:48:58 -0400
  • 2ecdbe0345
    Merge pull request #1 from jtesta/master #160 Phil Miller 2023-03-06 17:51:30 -0500
  • 926f5e5c40
    Merge branch 'jtesta:master' into master Manfred Kaiser 2023-02-19 09:59:43 +0100
  • 7bbf4cdff0 Fix tox tests. Joe Testa 2023-02-06 18:24:03 -0500
  • e4d864c6c1
    usage now respects no color (#162) thecliguy 2023-02-06 23:20:34 +0000
  • 1663e5bdcf Fixed setuptools config file. Joe Testa 2023-02-06 16:57:24 -0500
  • 5ecad8fac9 Bumped copyright year. Joe Testa 2023-02-06 16:49:25 -0500
  • 38ff225ed8 Updated supported Python versions. Joe Testa 2023-02-06 16:48:53 -0500
  • c9dc9a9c10 Now issues a warning when 2048-bit moduli are encountered. Joe Testa 2023-02-06 16:27:30 -0500
  • 2940c397b8
    Removed superfluous parens after 'not' #162 thecliguy 2023-02-04 23:17:59 +0000
  • 3c1b4413db usage now respects no color Adam Russell 2023-02-04 22:43:17 +0000
  • f9e00b6f2d Renamed WARN_CURVES_WEAK to FAIL_CURVES_WEAK. Joe Testa 2023-02-03 17:22:10 -0500
  • 433c7e779d Added 2 new ciphers: 'rijndael-cbc@ssh.com', 'cast128-12-cbc@ssh.com'. Added 21 new host key types: . Joe Testa 2023-02-02 18:57:53 -0500
  • 984ea1eee3 Added the following 9 new host key types: 'dsa2048-sha224@libassh.org', 'dsa2048-sha256@libassh.org', 'dsa3072-sha256@libassh.org', 'ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com', 'eddsa-e382-shake256@libassh.org', 'eddsa-e521-shake256@libassh.org', 'null', 'pgp-sign-dss', 'pgp-sign-rsa'. Added the following 22 new key exchange algorithms: 'diffie-hellman-group-exchange-sha224@ssh.com', 'diffie-hellman-group-exchange-sha384@ssh.com', 'diffie-hellman-group14-sha224@ssh.com', 'diffie-hellman_group17-sha512', 'ecmqv-sha2', 'gss-13.3.132.0.10-sha256-*', 'gss-curve25519-sha256-*', 'gss-curve448-sha512-*', 'gss-gex-sha1-*', 'gss-gex-sha256-*', 'gss-group1-sha1-*', 'gss-group14-sha1-*', 'gss-group14-sha256-*', 'gss-group15-sha512-*', 'gss-group16-sha512-*', 'gss-group17-sha512-*', 'gss-group18-sha512-*', 'gss-nistp256-sha256-*', 'gss-nistp384-sha256-*', 'gss-nistp521-sha512-*', 'm383-sha384@libassh.org', 'm511-sha512@libassh.org'. Added the following 26 new ciphers: '3des-cfb', '3des-ecb', '3des-ofb', 'blowfish-cfb', 'blowfish-ecb', 'blowfish-ofb', 'camellia128-cbc@openssh.org', 'camellia128-ctr@openssh.org', 'camellia192-cbc@openssh.org', 'camellia192-ctr@openssh.org', 'camellia256-cbc@openssh.org', 'camellia256-ctr@openssh.org', 'cast128-cfb', 'cast128-ecb', 'cast128-ofb', 'idea-cfb', 'idea-ecb', 'idea-ofb', 'seed-ctr@ssh.com', 'serpent128-gcm@libassh.org', 'serpent256-gcm@libassh.org', 'twofish-cfb', 'twofish-ecb', 'twofish-ofb', 'twofish128-gcm@libassh.org', 'twofish256-gcm@libassh.org'. Added the following 4 new HMAC algorithms: 'hmac-sha224@ssh.com', 'hmac-sha256-2@ssh.com', 'hmac-sha384@ssh.com', 'hmac-whirlpool'. Joe Testa 2023-02-02 18:30:40 -0500
  • 0b905a7fdd Added Ubuntu Client 22.04 hardening policy. Joe Testa 2023-02-01 19:29:54 -0500
  • 6e9283e643 Removed unused CI configs. Joe Testa 2023-02-01 18:00:41 -0500
  • 32ff04c2cc Added Tox testing for Python 3.11. Fixed flake8 & pylint errors. Joe Testa 2023-02-01 17:56:54 -0500
  • 5ebe7c72bd added target_port to json output with -jj arg mr-pmillz 2023-01-13 22:34:28 -0500
  • 44589d1f97 added cve json edge cases mr-pmillz 2023-01-13 21:42:33 -0500
  • 04d8db1a81 resolves #122 adds cve findings to json output mr-pmillz 2023-01-13 20:35:19 -0500
  • c4c145df3d
    Merge branch 'jtesta:master' into master Manfred Kaiser 2022-10-28 18:05:05 +0200
  • e50ac5c84d
    Gex test usage text (#158) thecliguy 2022-10-27 15:11:05 +0100
  • 29496b43d5
    updated vulnerability database (#157) Manfred Kaiser 2022-10-27 16:10:17 +0200
  • dcad8293a0
    Reformatted Usage Text for --gex-test in ssh_audit.py #158 thecliguy 2022-10-17 21:02:18 +0100
  • 136fb66775
    Reformatted Usage Text for --gex-test in README.md thecliguy 2022-10-17 20:53:30 +0100
  • 90f5598120 added info for CVE-2021-36367 #157 Manfred Kaiser 2022-10-17 17:03:18 +0200
  • 6379f48594 updated vulnerability database Manfred Kaiser 2022-10-17 16:55:05 +0200
  • 01d0e22aae Resolves #156 - add md5 and sha512 fingerprints to output and json #150 Manfred Kaiser 2022-10-17 14:45:57 +0200
  • 4aff9764fd updated versionvulnerabilitydb Manfred Kaiser 2022-10-17 10:52:18 +0200
  • 6c9cd1fccb
    Merge branch 'jtesta:master' into master Manfred Kaiser 2022-10-17 10:27:05 +0200
  • 3300c60aaa Added 'ssh-xmss@openssh.com' and 'ssh-xmss-cert-v01@openssh.com' experimental host keys (#146). Joe Testa 2022-10-14 23:21:09 -0400
  • 78a9475a32 Added hmac-sha1-96@openssh.com MAC. (#148) Joe Testa 2022-10-14 22:56:02 -0400
  • db44a8742f removed unsupported options for pylint in tox.ini Manfred Kaiser 2022-10-11 13:48:42 +0200
  • d30d888e96 remove no-else-raise Manfred Kaiser 2022-10-11 13:45:25 +0200
  • 74fd8bb13d remove unnecessary "else" after "return" Manfred Kaiser 2022-10-11 13:44:28 +0200
  • f2d5a5624f using Python 3 style super() without arguments Manfred Kaiser 2022-10-11 13:38:31 +0200
  • 0ad8a0fc79 ignore pylint's unused import warnings for type hints Manfred Kaiser 2022-10-11 13:33:08 +0200
  • e950e6c502 remove unused imports Manfred Kaiser 2022-10-11 12:32:46 +0200
  • 8d861dcdc6 Removed pytest version pin from Tox. Joe Testa 2022-10-10 21:28:51 -0400
  • c50cc040c2 Upgrade all Tox dependencies before running Tox. Joe Testa 2022-10-10 21:06:03 -0400
  • 93f0692444 Enabled Python 3.10 tests in Tox. Joe Testa 2022-10-10 21:00:05 -0400
  • 6e9945337e Removed CI tests for Python 3.6. Joe Testa 2022-10-10 20:52:46 -0400
  • d429b543d0 Added support for host key 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com' (#149). Joe Testa 2022-10-10 20:51:37 -0400
  • b9520cbc25 Fixed pylint & flake8 warnings and errors. Joe Testa 2022-10-10 20:40:29 -0400
  • 0b8ecf2fb5 Added Ubuntu Server 22.04 LTS hardening policy. Joe Testa 2022-10-10 20:34:28 -0400
  • 9dfaec7b7b Add install instructions for Arch Linux #142 Torstein Krause Johansen 2022-07-15 10:44:52 +0200
  • eb4ae65b0a Usage now includes '-g' and '--gex-test' parameters thecliguy 2022-03-27 16:17:27 +0100
  • 113d1de443 Removed experimental warning tag from sntrup761x25519-sha512@openssh.com. Joe Testa 2022-04-10 12:16:25 -0400
  • 82b1a7c772
    Usage now includes '-g' and '--gex-test' parameters #135 thecliguy 2022-03-27 16:17:27 +0100
  • 4d89f9b30b Updated example. Joe Testa 2022-03-24 10:29:04 -0400
  • 11905ed44a Fixed pylint errors, consolidated error checking for granular GEX tests, renamed functions for better readability. Joe Testa 2022-03-13 20:58:22 -0400
  • 19f192d21f Corrected accidental text update and a minor typo. Adam Russell 2022-02-16 21:13:40 +0000
  • 5ac0ffa8f1 DH GEX Modulus Size Testing Adam Russell 2022-02-16 21:01:22 +0000
  • 5abe09075e Updated example. #134 Joe Testa 2022-03-24 10:29:04 -0400
  • d59cabe484 Fixed pylint errors, consolidated error checking for granular GEX tests, renamed functions for better readability. Joe Testa 2022-03-13 20:58:22 -0400
  • 0a6ac5de54 Updated CVE vulnerability flag. Joe Testa 2022-02-21 21:51:35 -0500
  • c6b8dc97e1 Fixed tests. Joe Testa 2022-02-21 21:48:10 -0500
  • 1bdf7029b4
    add a bunch of openssh CVEs (#126) Alexandre ZANNI 2022-02-22 03:41:44 +0100
  • 2563d670f4 Corrected accidental text update and a minor typo. #131 Adam Russell 2022-02-16 21:13:40 +0000
  • 5cc39a3f04 DH GEX Modulus Size Testing Adam Russell 2022-02-16 21:01:22 +0000
  • 7b92297ff4 Output recommendations in JSON. #125 Laurent Etiemble 2021-10-16 12:31:35 +0200
  • 188ed9ce84 add a bunch of openssh CVEs #126 noraj 2021-10-30 18:00:05 +0200
  • 5fbcb1b90f Added 24 new key exchanges: 'ecdh-sha2-1.3.132.0.1', 'ecdh-sha2-1.2.840.10045.3.1.1', 'ecdh-sha2-1.3.132.0.33', 'ecdh-sha2-1.3.132.0.26', 'ecdh-sha2-1.3.132.0.27', 'ecdh-sha2-1.2.840.10045.3.1.7', 'ecdh-sha2-1.3.132.0.16', 'ecdh-sha2-1.3.132.0.34', 'ecdh-sha2-1.3.132.0.36', 'ecdh-sha2-1.3.132.0.37', 'ecdh-sha2-1.3.132.0.35', 'ecdh-sha2-1.3.132.0.38', 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==', 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==', 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==', 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==', 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==', 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==', 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==', 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==', 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==', 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==', 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==', 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w=='. Joe Testa 2021-10-20 22:25:20 -0400
  • b04acc3737 Updated README. Joe Testa 2021-10-15 00:19:04 -0400
  • 4ace52a190 Now prints a more user-friendly error message when installed as a Snap package and permission errors are encountered. Updated the Snap build process as well. Joe Testa 2021-10-14 23:56:03 -0400
  • 22a9559a82 Now supports Python 3.10. Joe Testa 2021-10-14 00:01:23 -0400
  • 57e6c0246d Updated pylint disable list. Joe Testa 2021-10-13 23:55:49 -0400
  • 80a718a5af Fixed broken Python 3.10 config. Joe Testa 2021-10-13 23:46:50 -0400
  • 1f0b3acff2
    Complete "target" in the JSON output with the port (#123) tomatohater1337 2021-10-14 05:44:55 +0200
  • 6c39b210ae Docker tests completet with the port of the scan target in the JSON output #123 csaudit 2021-10-08 09:54:32 +0200
  • 0df3f6aed3
    Complete "target" in JSON output with the port tomatohater1337 2021-10-08 09:02:02 +0200
  • cdc379d6df Added Python 3.10 to Github Actions testing. Joe Testa 2021-10-07 11:06:32 -0400
  • 9f87acfc74 Bumped version to v2.6.0-dev. Joe Testa 2021-08-27 11:25:27 -0400
  • 597b500eba
    Minor cleanups (#116) a1346054 2021-08-27 15:19:18 +0000