mirror of
https://github.com/jtesta/ssh-audit.git
synced 2025-10-31 17:41:02 +01:00
Updated README.
This commit is contained in:
Joe Testa
15
README.md
15
README.md
@@ -5,10 +5,11 @@
|
|||||||
[](https://codecov.io/gh/arthepsy/ssh-audit)
|
[](https://codecov.io/gh/arthepsy/ssh-audit)
|
||||||
[](https://sq.evolutiongaming.com/dashboard?id=arthepsy-github%3Assh-audit%3Adevelop)
|
[](https://sq.evolutiongaming.com/dashboard?id=arthepsy-github%3Assh-audit%3Adevelop)
|
||||||
-->
|
-->
|
||||||
**ssh-audit** is a tool for ssh server & client auditing.
|
**ssh-audit** is a tool for ssh server & client configuration auditing.
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
- SSH1 and SSH2 protocol server support;
|
- SSH1 and SSH2 protocol server support;
|
||||||
|
- analyze SSH client configuration;
|
||||||
- grab banner, recognize device or software and operating system, detect compression;
|
- grab banner, recognize device or software and operating system, detect compression;
|
||||||
- gather key-exchange, host-key, encryption and message authentication code algorithms;
|
- gather key-exchange, host-key, encryption and message authentication code algorithms;
|
||||||
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
|
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
|
||||||
@@ -17,11 +18,10 @@
|
|||||||
- analyze SSH version compatibility based on algorithm information;
|
- analyze SSH version compatibility based on algorithm information;
|
||||||
- historical information from OpenSSH, Dropbear SSH and libssh;
|
- historical information from OpenSSH, Dropbear SSH and libssh;
|
||||||
- no dependencies
|
- no dependencies
|
||||||
- analyze SSH client configuration;
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
```
|
```
|
||||||
usage: ssh-audit.py [-1246pbnvlt] <host>
|
usage: ssh-audit.py [-1246pbcnvlt] <host>
|
||||||
|
|
||||||
-1, --ssh1 force ssh version 1 only
|
-1, --ssh1 force ssh version 1 only
|
||||||
-2, --ssh2 force ssh version 2 only
|
-2, --ssh2 force ssh version 2 only
|
||||||
@@ -41,14 +41,17 @@ usage: ssh-audit.py [-1246pbnvlt] <host>
|
|||||||
* batch flag `-b` will output sections without header and without empty lines (implies verbose flag).
|
* batch flag `-b` will output sections without header and without empty lines (implies verbose flag).
|
||||||
* verbose flag `-v` will prefix each line with section type and algorithm name.
|
* verbose flag `-v` will prefix each line with section type and algorithm name.
|
||||||
|
|
||||||
### Example
|
### Server Audit Example
|
||||||
|
|
||||||
|
|
||||||
|
### Client Audit Example
|
||||||
|
TODO
|
||||||
|
|
||||||
## ChangeLog
|
## ChangeLog
|
||||||
### v2.1.0 (???)
|
### v2.1.0 (???)
|
||||||
- Added client software auditing functionality (see -c / --client-audit option).
|
- Added client software auditing functionality (see `-c` / `--client-audit` option).
|
||||||
- Fixed crash while scanning Solaris Sun_SSH.
|
- Fixed crash while scanning Solaris Sun_SSH.
|
||||||
- Added 5 new key exchanges: `gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `diffie-hellman-group15-sha256`, `ecdh-sha2-1.3.132.0.10`, `curve448-sha512`.
|
- Added 4 new key exchanges: `gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `diffie-hellman-group15-sha256`, `ecdh-sha2-1.3.132.0.10`, `curve448-sha512`.
|
||||||
- Added 1 new host key type: `ecdsa-sha2-1.3.132.0.10`.
|
- Added 1 new host key type: `ecdsa-sha2-1.3.132.0.10`.
|
||||||
- Added 2 new MACs: `hmac-sha2-256-96-etm@openssh.com`, `hmac-sha2-512-96-etm@openssh.com`.
|
- Added 2 new MACs: `hmac-sha2-256-96-etm@openssh.com`, `hmac-sha2-512-96-etm@openssh.com`.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user