ssh-audit/ssh-audit.py

956 lines
31 KiB
Python
Raw Normal View History

2015-12-23 04:01:24 +01:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
The MIT License (MIT)
2016-08-03 16:35:35 +02:00
Copyright (C) 2016 Andris Raugulis (moo@arthepsy.eu)
2015-12-23 04:01:24 +01:00
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
"""
from __future__ import print_function
import os, io, sys, socket, struct, random, errno, getopt, re
2015-12-23 04:01:24 +01:00
VERSION = 'v1.0.20160902'
SSH_BANNER = 'SSH-2.0-OpenSSH_7.3'
2015-12-23 04:01:24 +01:00
def usage(err=None):
2015-12-23 04:01:24 +01:00
p = os.path.basename(sys.argv[0])
out.batch = False
out.minlevel = 'info'
out.head('# {0} {1}, moo@arthepsy.eu'.format(p, VERSION))
if err is not None:
out.fail('\n' + err)
out.info('\nusage: {0} [-bnv] [-l <level>] <host[:port]>\n'.format(p))
out.info(' -h, --help print this help')
2016-09-02 17:08:15 +02:00
out.info(' -b, --batch batch output')
out.info(' -n, --no-colors disable colors')
out.info(' -v, --verbose verbose output')
out.info(' -l, --level=<level> minimum output level (info|warn|fail)')
out.sep()
2015-12-23 04:01:24 +01:00
sys.exit(1)
2015-12-23 04:01:24 +01:00
class Output(object):
LEVELS = ['info', 'warn', 'fail']
COLORS = {'head': 36, 'good': 32, 'warn': 33, 'fail': 31}
def __init__(self):
self.batch = False
self.colors = True
self.verbose = False
self.__minlevel = 0
@property
def minlevel(self):
return self.__minlevel
@minlevel.setter
def minlevel(self, name):
self.__minlevel = self.getlevel(name)
def getlevel(self, name):
cname = 'info' if name == 'good' else name
if cname not in self.LEVELS:
return sys.maxsize
return self.LEVELS.index(cname)
2015-12-23 04:01:24 +01:00
def sep(self):
if not self.batch:
print()
2015-12-23 04:01:24 +01:00
def _colorized(self, color):
return lambda x: print(u'{0}{1}\033[0m'.format(color, x))
2015-12-23 04:01:24 +01:00
def __getattr__(self, name):
if name == 'head' and self.batch:
return lambda x: None
if not self.getlevel(name) >= self.minlevel:
return lambda x: None
if self.colors and os.name == 'posix' and name in self.COLORS:
color = u'\033[0;{0}m'.format(self.COLORS[name])
2015-12-23 04:01:24 +01:00
return self._colorized(color)
else:
return lambda x: print(u'{0}'.format(x))
class OutputBuffer(list):
def __enter__(self):
self.__buf = io.StringIO()
self.__stdout = sys.stdout
sys.stdout = self.__buf
return self
def flush(self):
for line in self:
print(line)
def __exit__(self, *args):
self.extend(self.__buf.getvalue().splitlines())
sys.stdout = self.__stdout
2015-12-23 04:01:24 +01:00
2015-12-23 04:01:24 +01:00
class KexParty(object):
encryption = []
mac = []
compression = []
languages = []
2015-12-23 04:01:24 +01:00
class Kex(object):
cookie = None
kex_algorithms = []
key_algorithms = []
server = KexParty()
client = KexParty()
follows = False
unused = 0
@classmethod
def parse(cls, payload):
kex = cls()
buf = ReadBuf(payload)
2016-01-05 13:10:02 +01:00
kex.cookie = buf.read(16)
kex.kex_algorithms = buf.read_list()
kex.key_algorithms = buf.read_list()
kex.client.encryption = buf.read_list()
kex.server.encryption = buf.read_list()
kex.client.mac = buf.read_list()
kex.server.mac = buf.read_list()
kex.client.compression = buf.read_list()
kex.server.compression = buf.read_list()
kex.client.languages = buf.read_list()
kex.server.languages = buf.read_list()
kex.follows = buf.read_bool()
kex.unused = buf.read_int()
2015-12-23 04:01:24 +01:00
return kex
class ReadBuf(object):
def __init__(self, data=None):
super(ReadBuf, self).__init__()
self._buf = io.BytesIO(data) if data else io.BytesIO()
self._len = len(data) if data else 0
@property
def unread_len(self):
return self._len - self._buf.tell()
2016-01-05 13:10:02 +01:00
def read(self, size):
return self._buf.read(size)
def read_line(self):
return self._buf.readline().rstrip().decode('utf-8')
def read_int(self):
2016-01-05 13:10:02 +01:00
return struct.unpack('>I', self.read(4))[0]
def read_bool(self):
2016-01-05 13:10:02 +01:00
return struct.unpack('b', self.read(1))[0] != 0
def read_list(self):
list_size = self.read_int()
2016-01-05 13:10:02 +01:00
return self.read(list_size).decode().split(',')
2015-12-23 04:01:24 +01:00
class WriteBuf(object):
def __init__(self, data=None):
super(WriteBuf, self).__init__()
self._wbuf = io.BytesIO(data) if data else io.BytesIO()
def write(self, data):
self._wbuf.write(data)
def write_byte(self, v):
self.write(struct.pack('>B', v))
def write_bool(self, v):
self.write_byte(1 if v else 0)
def write_int(self, v):
self.write(struct.pack('>I', v))
def write_string(self, v):
if not isinstance(v, bytes):
v = bytes(bytearray(v, 'utf-8'))
n = len(v)
self.write(struct.pack('>I', n))
self.write(v)
def write_list(self, v):
self.write_string(','.join(v))
def write_mpint(self, v):
length = v.bit_length() // 8 + 1
data = [(v >> i * 8) & 0xff for i in reversed(range(length))]
data = bytes(bytearray(data))
self.write_string(data)
class SSH(object):
class Protocol(object):
MSG_KEXINIT = 20
MSG_NEWKEYS = 21
MSG_KEXDH_INIT = 30
MSG_KEXDH_REPLY = 32
class Product(object):
OpenSSH = 'OpenSSH'
DropbearSSH = 'Dropbear SSH'
class Software(object):
def __init__(self, vendor, product, version, patch, os):
self.__vendor = vendor
self.__product = product
self.__version = version
self.__patch = patch
self.__os = os
@property
def vendor(self):
return self.__vendor
@property
def product(self):
return self.__product
@property
def version(self):
return self.__version
@property
def patch(self):
return self.__patch
@property
def os(self):
return self.__os
def version_between(self, vfrom, vtill):
if vfrom and vfrom > self.version:
return False
if vtill and vtill < self.version:
return False
return True
def __str__(self):
out = '{0} '.format(self.vendor) if self.vendor else ''
out += self.product
if self.version:
out += ' {0}'.format(self.version)
2016-09-08 13:06:36 +02:00
patch = self.patch
if self.product == SSH.Product.OpenSSH:
2016-09-08 13:06:36 +02:00
mx = re.match('^(p\d)(.*)$', self.patch)
if mx is not None:
out += mx.group(1)
patch = mx.group(2).strip()
if patch:
out += ' ({0})'.format(self.patch)
if self.os:
out += ' running on {0}'.format(self.os)
return out
def __repr__(self):
out = 'vendor={0} '.format(self.vendor) if self.vendor else ''
if self.product:
out += ', product={0}'.format(self.software)
if self.version:
out += ', version={0}'.format(self.version)
if self.patch:
out += ', patch={0}'.format(self.patch)
if self.os:
out += ', os={0}'.format(self.os)
return '<{0}({1})>'.format(self.__class__.__name__, out)
@staticmethod
def _fix_patch(patch):
return re.sub(r'^[-_\.]+', '', patch)
@staticmethod
def _fix_date(d):
if d is not None and len(d) == 8:
return '{0}-{1}-{2}'.format(d[:4], d[4:6], d[6:8])
else:
return None
@classmethod
def _extract_os(cls, c):
if c is None:
return None
mx = re.match(r'^NetBSD(?:_Secure_Shell)?(?:[\s-]+(\d{8})(.*))?$', c)
if mx:
d = cls._fix_date(mx.group(1))
return 'NetBSD' if d is None else 'NetBSD ({0})'.format(d)
mx = re.match(r'^FreeBSD(?:\slocalisations)?[\s-]+(\d{8})(.*)$', c)
if not mx:
mx = re.match(r'^[^@]+@FreeBSD\.org[\s-]+(\d{8})(.*)$', c)
if mx:
d = cls._fix_date(mx.group(1))
return 'FreeBSD' if d is None else 'FreeBSD ({0})'.format(d)
2016-09-07 18:40:30 +02:00
w = ['RemotelyAnywhere', 'DesktopAuthority', 'RemoteSupportManager']
for win_soft in w:
mx = re.match(r'^in ' + win_soft + ' ([\d\.]+\d)$', c)
if mx:
ver = mx.group(1)
return 'Microsoft Windows ({0} {1})'.format(win_soft, ver)
generic = ['NetBSD', 'FreeBSD']
for g in generic:
if c.startswith(g) or c.endswith(g):
return g
return None
@classmethod
def parse(cls, banner):
software = str(banner.software)
mx = re.match(r'^dropbear_(\d+.\d+)(.*)', software)
if mx:
patch = cls._fix_patch(mx.group(2))
v, p = 'Matt Johnston', SSH.Product.DropbearSSH
v = None
return cls(v, p, mx.group(1), patch, None)
mx = re.match(r'^OpenSSH[_\.-]+([\d\.]+\d+)(.*)', software)
if mx:
patch = cls._fix_patch(mx.group(2))
v, p = 'OpenBSD', SSH.Product.OpenSSH
v = None
os = cls._extract_os(banner.comments)
return cls(v, p, mx.group(1), patch, os)
mx = re.match(r'^mpSSH_([\d\.]+\d+)', software)
if mx:
v, p = 'HP', 'iLO (Integrated Lights-Out) sshd'
return cls(v, p, mx.group(1), None, None)
mx = re.match(r'^Cisco-([\d\.]+\d+)', software)
if mx:
v, p = 'Cisco', 'IOS/PIX sshd'
return cls(v, p, mx.group(1), None, None)
return None
class Banner(object):
_RXP, _RXR = r'SSH-\d\.\s*?\d+', r'(-([^\s]*)(?:\s+(.*))?)?'
RX_PROTOCOL = re.compile(_RXP.replace('\d', '(\d)'))
RX_BANNER = re.compile(r'^({0}(?:(?:-{0})*)){1}$'.format(_RXP, _RXR))
def __init__(self, protocol, software, comments):
self.__protocol = protocol
self.__software = software
self.__comments = comments
@property
def protocol(self):
return self.__protocol
@property
def software(self):
return self.__software
@property
def comments(self):
return self.__comments
def __str__(self):
out = 'SSH-{0}.{1}'.format(self.protocol[0], self.protocol[1])
if self.software is not None:
out += '-{0}'.format(self.software)
if self.comments:
out += ' {0}'.format(self.comments)
return out
def __repr__(self):
p = '{0}.{1}'.format(self.protocol[0], self.protocol[1])
out = 'protocol={0}'.format(p)
if self.software:
out += ', software={0}'.format(self.software)
if self.comments:
out += ', comments={0}'.format(self.comments)
return '<{0}({1})>'.format(self.__class__.__name__, out)
@classmethod
def parse(cls, banner):
mx = cls.RX_BANNER.match(banner)
if mx is None:
return None
protocol = min(re.findall(cls.RX_PROTOCOL, mx.group(1)))
2016-09-07 12:00:53 +02:00
protocol = (int(protocol[0]), int(protocol[1]))
software = (mx.group(3) or '').strip() or None
if software is None and (mx.group(2) or '').startswith('-'):
software = ''
comments = (mx.group(4) or '').strip() or None
return cls(protocol, software, comments)
class Security(object):
CVE = {
'Dropbear SSH': [
['0.44', '2015.71', 'CVE-2016-3116', 5.5, 'bypass command restrictions via xauth command injection.'],
['0.28', '2013.58', 'CVE-2013-4434', 5.0, 'discover valid usernames through different time delays.'],
['0.28', '2013.58', 'CVE-2013-4421', 5.0, 'cause DoS (memory consumption) via a compressed packet.'],
['0.52', '2011.54', 'CVE-2012-0920', 7.1, 'execute arbitrary code or bypass command restrictions.'],
['0.40', '0.48.1', 'CVE-2007-1099', 7.5, 'conduct a MitM attack (no warning for hostkey mismatch).'],
['0.28', '0.47', 'CVE-2006-1206', 7.5, 'cause DoS (slot exhaustion) via large number of connections.'],
['0.39', '0.47', 'CVE-2006-0225', 4.6, 'execute arbitrary commands via scp with crafted filenames.'],
['0.28', '0.46', 'CVE-2005-4178', 6.5, 'execute arbitrary code via buffer overflow vulnerability.'],
['0.28', '0.42', 'CVE-2004-2486', 7.5, 'execute arbitrary code via DSS verification code.'],
]
}
class Socket(ReadBuf, WriteBuf):
SM_BANNER_SENT = 1
def __init__(self, host, port, cto=3.0, rto=5.0):
self.__block_size = 8
self.__state = 0
self.__header = []
self.__banner = None
super(SSH.Socket, self).__init__()
try:
self.__sock = socket.create_connection((host, port), cto)
self.__sock.settimeout(rto)
except Exception as e:
out.fail('[fail] {0}'.format(e))
sys.exit(1)
def __enter__(self):
return self
def get_banner(self):
rto = self.__sock.gettimeout()
self.__sock.settimeout(0.7)
s, e = self.recv()
self.__sock.settimeout(rto)
if s < 0:
return self.__banner, self.__header
if self.__state < self.SM_BANNER_SENT:
self.send_banner()
while self.__banner is None:
if not s > 0:
s, e = self.recv()
if s < 0:
break
while self.__banner is None and self.unread_len > 0:
line = self.read_line()
if len(line.strip()) == 0:
continue
if self.__banner is None:
self.__banner = SSH.Banner.parse(line)
if self.__banner is not None:
continue
self.__header.append(line)
return self.__banner, self.__header
def recv(self, size=2048):
try:
data = self.__sock.recv(size)
except socket.timeout as e:
r = 0 if e.strerror == 'timed out' else -1
return (r, e)
except socket.error as e:
r = 0 if e.errno in (errno.EAGAIN, errno.EWOULDBLOCK) else -1
return (r, e)
if len(data) == 0:
return (-1, None)
pos = self._buf.tell()
self._buf.seek(0, 2)
self._buf.write(data)
self._len += len(data)
self._buf.seek(pos, 0)
return (len(data), None)
def send(self, data):
try:
self.__sock.send(data)
return (0, None)
except socket.error as e:
return (-1, e)
self.__sock.send(data)
def send_banner(self, banner=SSH_BANNER):
self.send(banner.encode() + b'\r\n')
if self.__state < self.SM_BANNER_SENT:
self.__state = self.SM_BANNER_SENT
def read_packet(self):
while self.unread_len < self.__block_size:
s, e = self.recv()
if s < 0:
if e is None:
e = self.read(self.unread_len).strip()
return -1, e
header = self.read(self.__block_size)
if len(header) == 0:
out.fail('[exception] empty ssh packet (no data)')
sys.exit(1)
packet_size = struct.unpack('>I', header[:4])[0]
rest = header[4:]
lrest = len(rest)
padding = ord(rest[0:1])
packet_type = ord(rest[1:2])
if (packet_size - lrest) % self.__block_size != 0:
out.fail('[exception] invalid ssh packet (block size)')
sys.exit(1)
rlen = packet_size - lrest
while self.unread_len < rlen:
s, e = self.recv()
if s < 0:
if e is None:
e = (header + self.read(self.unread_len)).strip()
return -1, e
buf = self.read(rlen)
packet = rest[2:] + buf[0:packet_size - lrest]
payload = packet[0:packet_size - padding]
return packet_type, payload
def send_packet(self):
payload = self._wbuf.getvalue()
self._wbuf.truncate(0)
self._wbuf.seek(0)
padding = -(len(payload) + 5) % 8
if padding < 4:
padding += 8
plen = len(payload) + padding + 1
pad_bytes = b'\x00' * padding
data = struct.pack('>Ib', plen, padding) + payload + pad_bytes
return self.send(data)
def __del__(self):
self.__cleanup()
def __exit__(self, ex_type, ex_value, tb):
self.__cleanup()
def __cleanup(self):
try:
self.__sock.shutdown(socket.SHUT_RDWR)
self.__sock.close()
except:
pass
2015-12-23 04:01:24 +01:00
class KexDH(object):
def __init__(self, alg, g, p):
self.__alg = alg
self.__g = g
self.__p = p
self.__q = (self.__p - 1) // 2
self.__x = None
def send_init(self, s):
r = random.SystemRandom()
self.__x = r.randrange(2, self.__q)
self.__e = pow(self.__g, self.__x, self.__p)
s.write_byte(SSH.Protocol.MSG_KEXDH_INIT)
s.write_mpint(self.__e)
s.send_packet()
class KexGroup1(KexDH):
def __init__(self):
# rfc2409: second oakley group
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381'
'ffffffffffffffff', 16)
super(KexGroup1, self).__init__('sha1', 2, p)
class KexGroup14(KexDH):
def __init__(self):
# rfc3526: 2048-bit modp group
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
'5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
'15728e5a8aacaa68ffffffffffffffff', 16)
super(KexGroup14, self).__init__('sha1', 2, p)
2016-09-02 16:56:47 +02:00
class KexDB(object):
WARN_OPENSSH72_LEGACY = 'disabled (in client) since OpenSSH 7.2, legacy algorithm'
FAIL_OPENSSH70_LEGACY = 'removed since OpenSSH 7.0, legacy algorithm'
FAIL_OPENSSH70_WEAK = 'removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm'
FAIL_OPENSSH70_LOGJAM = 'disabled (in client) since OpenSSH 7.0, logjam attack'
INFO_OPENSSH69_CHACHA = 'default cipher since OpenSSH 6.9.'
FAIL_OPENSSH67_UNSAFE = 'removed (in server) since OpenSSH 6.7, unsafe algorithm'
FAIL_OPENSSH61_REMOVE = 'removed since OpenSSH 6.1, removed from specification'
FAIL_OPENSSH31_REMOVE = 'removed since OpenSSH 3.1'
FAIL_DBEAR67_DISABLED = 'disabled since Dropbear SSH 2015.67'
FAIL_DBEAR53_DISABLED = 'disabled since Dropbear SSH 0.53'
FAIL_PLAINTEXT = 'no encryption/integrity'
WARN_CURVES_WEAK = 'using weak elliptic curves'
WARN_RNDSIG_KEY = 'using weak random number generator could reveal the key'
WARN_MODULUS_SIZE = 'using small 1024-bit modulus'
WARN_MODULUS_CUSTOM = 'using custom size modulus (possibly weak)'
WARN_HASH_WEAK = 'using weak hashing algorithm'
WARN_CIPHER_MODE = 'using weak cipher mode'
WARN_BLOCK_SIZE = 'using small 64-bit block size'
WARN_CIPHER_WEAK = 'using weak cipher'
WARN_ENCRYPT_AND_MAC = 'using encrypt-and-MAC mode'
WARN_TAG_SIZE = 'using small 64-bit tag size'
ALGORITHMS = {
'kex': {
'diffie-hellman-group1-sha1': [['2.3.0,d0.28', '6.6', '6.9'], [FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_MODULUS_SIZE, WARN_HASH_WEAK]],
'diffie-hellman-group14-sha1': [['3.9,d0.53'], [], [WARN_HASH_WEAK]],
'diffie-hellman-group14-sha256': [['7.3,d2016.73']],
'diffie-hellman-group16-sha512': [['7.3,d2016.73']],
'diffie-hellman-group18-sha512': [['7.3']],
'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]],
'diffie-hellman-group-exchange-sha256': [['4.4'], [], [WARN_MODULUS_CUSTOM]],
'ecdh-sha2-nistp256': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
'ecdh-sha2-nistp384': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
'ecdh-sha2-nistp521': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
'curve25519-sha256@libssh.org': [['6.5,d2013.62']],
'kexguess2@matt.ucc.asn.au': [['d2013.57']],
},
'key': {
'rsa-sha2-256': [['7.2']],
'rsa-sha2-512': [['7.2']],
'ssh-ed25519': [['6.5']],
'ssh-ed25519-cert-v01@openssh.com': [['6.5']],
'ssh-rsa': [['2.5.0,d0.28']],
'ssh-dss': [['2.1.0,d0.28', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp256': [['5.7,d2013.62'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp384': [['5.7,d2013.62'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp521': [['5.7,d2013.62'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY], []],
'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
'ssh-rsa-cert-v01@openssh.com': [['5.6']],
'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
},
'enc': {
'none': [['1.2.2,d2013.56'], [FAIL_PLAINTEXT]],
'3des-cbc': [['1.2.2,d0.28', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
'3des-ctr': [['d0.52']],
'blowfish-cbc': [['1.2.2,d0.28', '6.6,d0.52', '7.1,d0.52'], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
'twofish-cbc': [['d0.28', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
'twofish128-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
'twofish256-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
'twofish128-ctr': [['d2015.68']],
'twofish256-ctr': [['d2015.68']],
'cast128-cbc': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
'arcfour': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
'arcfour128': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
'arcfour256': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
'aes128-cbc': [['2.3.0,d0.28', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
'aes192-cbc': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
'aes256-cbc': [['2.3.0,d0.47', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
'rijndael128-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
'rijndael192-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
'rijndael256-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
'rijndael-cbc@lysator.liu.se': [['2.3.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE]],
'aes128-ctr': [['3.7,d0.52']],
'aes192-ctr': [['3.7']],
'aes256-ctr': [['3.7,d0.52']],
'aes128-gcm@openssh.com': [['6.2']],
'aes256-gcm@openssh.com': [['6.2']],
'chacha20-poly1305@openssh.com': [['6.5'], [], [], [INFO_OPENSSH69_CHACHA]],
},
'mac': {
'none': [['d2013.56'], [FAIL_PLAINTEXT]],
'hmac-sha1': [['2.1.0,d0.28'], [], [WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
'hmac-sha1-96': [['2.5.0,d0.47', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
'hmac-sha2-256': [['5.9,d2013.56'], [], [WARN_ENCRYPT_AND_MAC]],
'hmac-sha2-256-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]],
'hmac-sha2-512': [['5.9,d2013.56'], [], [WARN_ENCRYPT_AND_MAC]],
'hmac-sha2-512-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]],
'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
'umac-64@openssh.com': [['4.7'], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]],
'umac-128@openssh.com': [['6.2'], [], [WARN_ENCRYPT_AND_MAC]],
'hmac-sha1-etm@openssh.com': [['6.2'], [], [WARN_HASH_WEAK]],
'hmac-sha1-96-etm@openssh.com': [['6.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]],
'hmac-sha2-256-etm@openssh.com': [['6.2']],
'hmac-sha2-512-etm@openssh.com': [['6.2']],
'hmac-md5-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]],
'hmac-md5-96-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]],
'hmac-ripemd160-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY]],
'umac-64-etm@openssh.com': [['6.2'], [], [WARN_TAG_SIZE]],
'umac-128-etm@openssh.com': [['6.2']],
}
}
def get_ssh_version(version_desc):
if version_desc.startswith('d'):
return (SSH.Product.DropbearSSH, version_desc[1:])
else:
return (SSH.Product.OpenSSH, version_desc)
def get_alg_timeframe(alg_desc, result={}):
versions = alg_desc[0]
vlen = len(versions)
for i in range(3):
if i > vlen - 1:
if i == 2 and vlen > 1:
cversions = versions[1]
else:
continue
else:
cversions = versions[i]
if cversions is None:
continue
for v in cversions.split(','):
ssh_prefix, ssh_version = get_ssh_version(v)
if ssh_prefix not in result:
result[ssh_prefix] = [None, None, None]
prev, push = result[ssh_prefix][i], False
if prev is None:
push = True
elif i == 0 and prev < ssh_version:
push = True
elif i > 0 and prev > ssh_version:
push = True
if push:
result[ssh_prefix][i] = ssh_version
return result
def get_ssh_timeframe(kex):
alg_timeframe = {}
algs = {'kex': kex.kex_algorithms,
'key': kex.key_algorithms,
'enc': kex.server.encryption,
'mac': kex.server.mac}
for alg_type, alg_list in algs.items():
for alg_name in alg_list:
2016-09-02 16:56:47 +02:00
alg_desc = KexDB.ALGORITHMS[alg_type].get(alg_name)
if alg_desc is None:
continue
alg_timeframe = get_alg_timeframe(alg_desc, alg_timeframe)
return alg_timeframe
2016-09-02 16:56:47 +02:00
def get_alg_since_text(alg_desc):
tv = []
versions = alg_desc[0]
for v in versions[0].split(','):
ssh_prefix, ssh_version = get_ssh_version(v)
tv.append('{0} {1}'.format(ssh_prefix, ssh_version))
return 'available since ' + ', '.join(tv).rstrip(', ')
2015-12-23 04:01:24 +01:00
def output_algorithms(title, alg_type, algorithms, maxlen=0):
with OutputBuffer() as obuf:
for algorithm in algorithms:
output_algorithm(alg_type, algorithm, maxlen)
if len(obuf) > 0:
out.head('# ' + title)
obuf.flush()
out.sep()
2015-12-23 04:01:24 +01:00
2016-08-11 17:47:27 +02:00
def output_algorithm(alg_type, alg_name, alg_max_len=0):
2015-12-23 04:01:24 +01:00
prefix = '(' + alg_type + ') '
if alg_max_len == 0:
alg_max_len = len(alg_name)
padding = '' if out.batch else ' ' * (alg_max_len - len(alg_name))
2015-12-23 04:01:24 +01:00
texts = []
2016-09-02 16:56:47 +02:00
if alg_name in KexDB.ALGORITHMS[alg_type]:
alg_desc = KexDB.ALGORITHMS[alg_type][alg_name]
2015-12-23 04:01:24 +01:00
ldesc = len(alg_desc)
for idx, level in enumerate(['fail', 'warn', 'info']):
if level == 'info':
texts.append((level, get_alg_since_text(alg_desc)))
2015-12-23 04:01:24 +01:00
idx = idx + 1
if ldesc > idx:
for t in alg_desc[idx]:
2015-12-23 04:01:24 +01:00
texts.append((level, t))
if len(texts) == 0:
texts.append(('info', ''))
else:
texts.append(('warn', 'unknown algorithm'))
first = True
for (level, text) in texts:
f = getattr(out, level)
text = '[' + level + '] ' + text
if first:
if first and level == 'info':
f = out.good
f(prefix + alg_name + padding + ' -- ' + text)
2015-12-23 04:01:24 +01:00
first = False
else:
if out.verbose:
f(prefix + alg_name + padding + ' -- ' + text)
else:
f(' ' * len(prefix + alg_name) + padding + ' `- ' + text)
def output_compatibility(kex, client=False):
ssh_timeframe = get_ssh_timeframe(kex)
cp = 2 if client else 1
comp_text = []
for sshd_name in [SSH.Product.OpenSSH, SSH.Product.DropbearSSH]:
if sshd_name not in ssh_timeframe:
continue
v = ssh_timeframe[sshd_name]
if v[cp] is None:
comp_text.append('{0} {1}+'.format(sshd_name, v[0]))
elif v[0] == v[1]:
comp_text.append('{0} {1}'.format(sshd_name, v[0]))
else:
if v[1] < v[0]:
tfmt = '{0} {1}+ (some functionality from {2})'
else:
tfmt = '{0} {1}-{2}'
comp_text.append(tfmt.format(sshd_name, v[0], v[1]))
if len(comp_text) > 0:
out.good('(gen) compatibility: ' + ', '.join(comp_text))
def output_security_cve(software, padlen):
if software is None or software.product not in SSH.Security.CVE:
return
for line in SSH.Security.CVE[software.product]:
vfrom, vtill = line[0:2]
if not software.version_between(vfrom, vtill):
continue
cve, cvss, descr = line[2:5]
padding = '' if out.batch else ' ' * (padlen - len(cve))
out.fail('(cve) {0}{1} -- ({2}) {3}'.format(cve, padding, cvss, descr))
def output_security(banner, padlen):
with OutputBuffer() as obuf:
software = SSH.Software.parse(banner)
output_security_cve(software, padlen)
if len(obuf) > 0:
out.head('# security')
obuf.flush()
out.sep()
def output(banner, header, kex):
with OutputBuffer() as obuf:
if len(header) > 0:
out.info('(gen) header: ' + '\n'.join(header))
if banner is not None:
out.good('(gen) banner: {0}'.format(banner))
if banner.protocol[0] == 1:
out.fail('(gen) protocol SSH1 enabled')
software = SSH.Software.parse(banner)
if software is not None:
out.good('(gen) software: {0}'.format(software))
if kex is not None:
output_compatibility(kex)
compressions = [x for x in kex.server.compression if x != 'none']
if len(compressions) > 0:
cmptxt = 'enabled ({0})'.format(', '.join(compressions))
else:
cmptxt = 'disabled'
2016-09-08 17:52:38 +02:00
out.good('(gen) compression: {0}'.format(cmptxt))
if len(obuf) > 0:
out.head('# general')
obuf.flush()
out.sep()
if kex is not None:
ml = lambda l: max(len(i) for i in l)
maxlen = max(ml(kex.kex_algorithms),
ml(kex.key_algorithms),
ml(kex.server.encryption),
ml(kex.server.mac))
else:
maxlen = 0
output_security(banner, maxlen)
2016-08-11 17:45:14 +02:00
if kex is None:
return
title, alg_type = 'key exchange algorithms', 'kex'
output_algorithms(title, alg_type, kex.kex_algorithms, maxlen)
title, alg_type = 'host-key algorithms', 'key'
output_algorithms(title, alg_type, kex.key_algorithms, maxlen)
title, alg_type = 'encryption algorithms (ciphers)', 'enc'
output_algorithms(title, alg_type, kex.server.encryption, maxlen)
title, alg_type = 'message authentication code algorithms', 'mac'
output_algorithms(title, alg_type, kex.server.mac, maxlen)
2015-12-23 04:01:24 +01:00
def parse_int(v):
try:
return int(v)
except:
return 0
2015-12-23 04:01:24 +01:00
def parse_args():
host, port = None, 22
try:
sopts = 'hbnvl:'
lopts = ['help', 'batch', 'no-colors', 'verbose', 'level=']
opts, args = getopt.getopt(sys.argv[1:], sopts, lopts)
except getopt.GetoptError as err:
usage(str(err))
for o, a in opts:
2016-09-02 15:31:16 +02:00
if o in ('-h', '--help'):
usage()
elif o in ('-b', '--batch'):
out.batch = True
2016-09-02 15:32:32 +02:00
out.verbose = True
elif o in ('-n', '--no-colors'):
out.colors = False
elif o in ('-v', '--verbose'):
out.verbose = True
2016-09-02 15:31:16 +02:00
elif o in ('-l', '--level'):
if a not in ('info', 'warn', 'fail'):
usage('level ' + a + ' is not valid')
out.minlevel = a
if len(args) == 0:
2015-12-23 04:01:24 +01:00
usage()
s = args[0].split(':')
host = s[0].strip()
if len(s) > 1:
port = parse_int(s[1])
if not host or port <= 0:
usage('port {0} is not valid'.format(port))
2015-12-23 04:01:24 +01:00
return host, port
2015-12-23 04:01:24 +01:00
def main():
host, port = parse_args()
s = SSH.Socket(host, port)
err = None
banner, header = s.get_banner()
if banner is None:
err = '[exception] did not receive banner.'
if err is None:
packet_type, payload = s.read_packet()
if packet_type < 0:
err = '[exception] error reading packet ({0})'.format(payload)
elif packet_type != SSH.Protocol.MSG_KEXINIT:
err = '[exception] did not receive MSG_KEXINIT (20), ' + \
'instead received unknown message ({0})'.format(packet_type)
if err:
output(banner, header, None)
out.fail(err)
2015-12-23 04:01:24 +01:00
sys.exit(1)
kex = Kex.parse(payload)
output(banner, header, kex)
2015-12-23 04:01:24 +01:00
2015-12-23 04:01:24 +01:00
if __name__ == '__main__':
out = Output()
main()