mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-22 02:21:40 +01:00
SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) .
test | ||
.gitignore | ||
README.md | ||
ssh-audit.py |
ssh-audit
ssh-audit is a tool for ssh server auditing.
Features
- grab banner, detect ssh1 protocol and zlib compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH and Dropbear SSH;
- no dependencies, compatible with python2 and python3;
Usage
usage: ssh-audit.py [-bnv] [-l <level>] <host[:port]>
-b, --batch batch output
-n, --no-colors disable colors
-v, --verbose verbose output
-l, --level=<level> minimum output level (info|warn|fail)
- batch flag
-b
will output sections without header and without empty lines (implies verbose flag). - verbose flag
-v
will prefix each line with section type and algorithm name.
example
ChangeLog
v1.0.20160902
- implement batch output option
- implement minimum output level option
- fix compatibility with Python 2.6
v1.0.20160812
- implement SSH version compatibility feature
- fix wrong mac algorithm warning
- fix Dropbear SSH version typo
- parse pre-banner header
- better errors handling
v1.0.20160803
- use OpenSSH 7.3 banner
- add new key-exchange algorithms
v1.0.20160207
- use OpenSSH 7.2 banner
- additional warnings for OpenSSH 7.2
- fix OpenSSH 7.0 failure messages
- add rijndael-cbc failure message from OpenSSH 6.7
v1.0.20160105
- multiple additional warnings
- support for none algorithm
- better compression handling
- ensure reading enough data (fixes few Linux SSH)
v1.0.20151230
- Dropbear SSH support
v1.0.20151223
- initial version