From 3421c8e2948e6347dcb6006ed75ad96e728e3ab0 Mon Sep 17 00:00:00 2001
From: Andris Raugulis <moo@arthepsy.eu>
Date: Sat, 17 Sep 2016 20:37:03 +0300
Subject: [PATCH] Output fingerprint (defaults to SHA256 format).

---
 ssh-audit.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ssh-audit.py b/ssh-audit.py
index 82cec9a..306eb61 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -1233,6 +1233,25 @@ def output_security(banner, padlen):
 		out.sep()
 
 
+def output_fingerprint(kex, pkm, sha256=True, padlen=0):
+	with OutputBuffer() as obuf:
+		fps = []
+		if pkm is not None:
+			name = 'ssh-rsa1'
+			fp = SSH.Fingerprint(pkm.host_key_fingerprint_data)
+			bits = pkm.host_key_bits
+			fps.append((name, fp, bits))
+		for fpp in fps:
+			name, fp, bits = fpp
+			fp = fp.sha256 if sha256 else fp.md5
+			p = '' if out.batch else ' ' * (padlen - len(name))
+			out.good('(fin) {0}{1} -- {2} {3}'.format(name, p, bits, fp))
+	if len(obuf) > 0:
+		out.head('# fingerprints')
+		obuf.flush()
+		out.sep()
+
+
 def output(banner, header, kex=None, pkm=None):
 	sshv = 1 if pkm else 2
 	with OutputBuffer() as obuf:
@@ -1289,6 +1308,7 @@ def output(banner, header, kex=None, pkm=None):
 		output_algorithms(title, adb, atype, kex.server.encryption, maxlen)
 		title, atype = 'message authentication code algorithms', 'mac'
 		output_algorithms(title, adb, atype, kex.server.mac, maxlen)
+	output_fingerprint(kex, pkm, True, maxlen)
 
 
 def parse_int(v):