mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Converted tab indents to spaces.
This commit is contained in:
parent
246a41d46f
commit
22ac41bfb8
89
ssh-audit.py
89
ssh-audit.py
@ -44,9 +44,6 @@ import sys
|
|||||||
VERSION = 'v2.2.1-dev'
|
VERSION = 'v2.2.1-dev'
|
||||||
SSH_HEADER = 'SSH-{0}-OpenSSH_8.0' # SSH software to impersonate
|
SSH_HEADER = 'SSH-{0}-OpenSSH_8.0' # SSH software to impersonate
|
||||||
|
|
||||||
if sys.version_info.major < 3:
|
|
||||||
print("\n!!!! NOTE: Python 2 is being considered for deprecation. If you have a good reason to need continued Python 2 support, please e-mail jtesta@positronsecurity.com with your rationale.\n\n")
|
|
||||||
|
|
||||||
if sys.version_info >= (3,): # pragma: nocover
|
if sys.version_info >= (3,): # pragma: nocover
|
||||||
StringIO, BytesIO = io.StringIO, io.BytesIO
|
StringIO, BytesIO = io.StringIO, io.BytesIO
|
||||||
text_type = str
|
text_type = str
|
||||||
@ -429,7 +426,6 @@ class SSH2(object): # pylint: disable=too-few-public-methods
|
|||||||
'rsa-sha2-256-cert-v01@openssh.com': [['7.8']],
|
'rsa-sha2-256-cert-v01@openssh.com': [['7.8']],
|
||||||
'rsa-sha2-512-cert-v01@openssh.com': [['7.8']],
|
'rsa-sha2-512-cert-v01@openssh.com': [['7.8']],
|
||||||
'ssh-rsa-sha256@ssh.com': [[]],
|
'ssh-rsa-sha256@ssh.com': [[]],
|
||||||
'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve)
|
|
||||||
'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
|
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
|
||||||
@ -1646,18 +1642,14 @@ class SSH(object): # pylint: disable=too-few-public-methods
|
|||||||
for_srv, for_cli = pos < 2, pos > 1
|
for_srv, for_cli = pos < 2, pos > 1
|
||||||
for v in (versions or '').split(','):
|
for v in (versions or '').split(','):
|
||||||
ssh_prod, ssh_ver, is_cli = SSH.Algorithm.get_ssh_version(v)
|
ssh_prod, ssh_ver, is_cli = SSH.Algorithm.get_ssh_version(v)
|
||||||
if (not ssh_ver or
|
if (not ssh_ver or (is_cli and for_srv) or (not is_cli and for_cli and ssh_prod in ssh_versions)):
|
||||||
(is_cli and for_srv) or
|
|
||||||
(not is_cli and for_cli and ssh_prod in ssh_versions)):
|
|
||||||
continue
|
continue
|
||||||
ssh_versions[ssh_prod] = ssh_ver
|
ssh_versions[ssh_prod] = ssh_ver
|
||||||
for ssh_product, ssh_version in ssh_versions.items():
|
for ssh_product, ssh_version in ssh_versions.items():
|
||||||
if ssh_product not in self.__storage:
|
if ssh_product not in self.__storage:
|
||||||
self.__storage[ssh_product] = [None] * 4
|
self.__storage[ssh_product] = [None] * 4
|
||||||
prev = self[ssh_product][pos]
|
prev = self[ssh_product][pos]
|
||||||
if (prev is None or
|
if (prev is None or (prev < ssh_version and pos % 2 == 0) or (prev > ssh_version and pos % 2 == 1)):
|
||||||
(prev < ssh_version and pos % 2 == 0) or
|
|
||||||
(prev > ssh_version and pos % 2 == 1)):
|
|
||||||
self.__storage[ssh_product][pos] = ssh_version
|
self.__storage[ssh_product][pos] = ssh_version
|
||||||
|
|
||||||
def update(self, versions, for_server=None):
|
def update(self, versions, for_server=None):
|
||||||
@ -2330,7 +2322,7 @@ class SSH(object): # pylint: disable=too-few-public-methods
|
|||||||
if s is not None:
|
if s is not None:
|
||||||
s.shutdown(socket.SHUT_RDWR)
|
s.shutdown(socket.SHUT_RDWR)
|
||||||
s.close() # pragma: nocover
|
s.close() # pragma: nocover
|
||||||
except: # pylint: disable=bare-except
|
except Exception: # pylint: disable=bare-except
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def __del__(self):
|
def __del__(self):
|
||||||
@ -2534,11 +2526,7 @@ class KexGroup1(KexDH): # pragma: nocover
|
|||||||
def __init__(self):
|
def __init__(self):
|
||||||
# type: () -> None
|
# type: () -> None
|
||||||
# rfc2409: second oakley group
|
# rfc2409: second oakley group
|
||||||
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
|
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff', 16)
|
||||||
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
|
|
||||||
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
|
|
||||||
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381'
|
|
||||||
'ffffffffffffffff', 16)
|
|
||||||
super(KexGroup1, self).__init__('KexGroup1', 'sha1', 2, p)
|
super(KexGroup1, self).__init__('KexGroup1', 'sha1', 2, p)
|
||||||
|
|
||||||
|
|
||||||
@ -2546,15 +2534,7 @@ class KexGroup14(KexDH): # pragma: nocover
|
|||||||
def __init__(self, hash_alg):
|
def __init__(self, hash_alg):
|
||||||
# type: () -> None
|
# type: () -> None
|
||||||
# rfc3526: 2048-bit modp group
|
# rfc3526: 2048-bit modp group
|
||||||
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
|
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff', 16)
|
||||||
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
|
|
||||||
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
|
|
||||||
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
|
|
||||||
'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
|
|
||||||
'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
|
|
||||||
'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
|
|
||||||
'5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
|
|
||||||
'15728e5a8aacaa68ffffffffffffffff', 16)
|
|
||||||
super(KexGroup14, self).__init__('KexGroup14', hash_alg, 2, p)
|
super(KexGroup14, self).__init__('KexGroup14', hash_alg, 2, p)
|
||||||
|
|
||||||
|
|
||||||
@ -2571,65 +2551,14 @@ class KexGroup14_SHA256(KexGroup14):
|
|||||||
class KexGroup16_SHA512(KexDH):
|
class KexGroup16_SHA512(KexDH):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
# rfc3526: 4096-bit modp group
|
# rfc3526: 4096-bit modp group
|
||||||
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
|
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff', 16)
|
||||||
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
|
|
||||||
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
|
|
||||||
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
|
|
||||||
'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
|
|
||||||
'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
|
|
||||||
'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
|
|
||||||
'5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
|
|
||||||
'15728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458db'
|
|
||||||
'ef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e0'
|
|
||||||
'4a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f'
|
|
||||||
'2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab31'
|
|
||||||
'43db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba'
|
|
||||||
'5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db'
|
|
||||||
'04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233b'
|
|
||||||
'a186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa9'
|
|
||||||
'93b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffff'
|
|
||||||
'ffff', 16)
|
|
||||||
super(KexGroup16_SHA512, self).__init__('KexGroup16_SHA512', 'sha512', 2, p)
|
super(KexGroup16_SHA512, self).__init__('KexGroup16_SHA512', 'sha512', 2, p)
|
||||||
|
|
||||||
|
|
||||||
class KexGroup18_SHA512(KexDH):
|
class KexGroup18_SHA512(KexDH):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
# rfc3526: 8192-bit modp group
|
# rfc3526: 8192-bit modp group
|
||||||
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
|
p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff', 16)
|
||||||
'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
|
|
||||||
'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
|
|
||||||
'5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
|
|
||||||
'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
|
|
||||||
'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
|
|
||||||
'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
|
|
||||||
'5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
|
|
||||||
'15728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458db'
|
|
||||||
'ef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e0'
|
|
||||||
'4a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f'
|
|
||||||
'2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab31'
|
|
||||||
'43db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba'
|
|
||||||
'5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db'
|
|
||||||
'04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233b'
|
|
||||||
'a186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa9'
|
|
||||||
'93b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c'
|
|
||||||
'7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f'
|
|
||||||
'413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce'
|
|
||||||
'6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf'
|
|
||||||
'5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f4698'
|
|
||||||
'0c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7'
|
|
||||||
'ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a797'
|
|
||||||
'15eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55c'
|
|
||||||
'da56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b74'
|
|
||||||
'74d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d0'
|
|
||||||
'73b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab'
|
|
||||||
'639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad9'
|
|
||||||
'22222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f83'
|
|
||||||
'85ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f8'
|
|
||||||
'3f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab'
|
|
||||||
'48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f92'
|
|
||||||
'4009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677'
|
|
||||||
'e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffff'
|
|
||||||
'ffffffff', 16)
|
|
||||||
super(KexGroup18_SHA512, self).__init__('KexGroup18_SHA512', 'sha512', 2, p)
|
super(KexGroup18_SHA512, self).__init__('KexGroup18_SHA512', 'sha512', 2, p)
|
||||||
|
|
||||||
|
|
||||||
@ -3197,7 +3126,7 @@ class Utils(object):
|
|||||||
# type: (Any) -> int
|
# type: (Any) -> int
|
||||||
try:
|
try:
|
||||||
return int(v)
|
return int(v)
|
||||||
except: # pylint: disable=bare-except
|
except Exception: # pylint: disable=bare-except
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
@ -3205,7 +3134,7 @@ class Utils(object):
|
|||||||
# type: (Any) -> float
|
# type: (Any) -> float
|
||||||
try:
|
try:
|
||||||
return float(v)
|
return float(v)
|
||||||
except: # pylint: disable=bare-except
|
except Exception: # pylint: disable=bare-except
|
||||||
return -1.0
|
return -1.0
|
||||||
|
|
||||||
|
|
||||||
|
8
tox.ini
8
tox.ini
@ -137,13 +137,5 @@ max-module-lines = 2500
|
|||||||
|
|
||||||
[flake8]
|
[flake8]
|
||||||
ignore =
|
ignore =
|
||||||
W191, # indentation contains tabs
|
|
||||||
E101, # indentation contains mixed spaces and tabs
|
|
||||||
E241, # multiple spaces after operator; should be kept for tabular data
|
E241, # multiple spaces after operator; should be kept for tabular data
|
||||||
E501, # line too long
|
E501, # line too long
|
||||||
E117, # over-indented
|
|
||||||
E126, # continuation line over-indented for hanging indent
|
|
||||||
E128, # continuation line under-indented for visual indent
|
|
||||||
E722, # do not use bare 'except'
|
|
||||||
F601, # dictionary key 'ecdsa-sha2-1.3.132.0.10' repeated with different values
|
|
||||||
W504, # line break after binary operator; this (or W503) has to stay
|
|
||||||
|
Loading…
Reference in New Issue
Block a user